Linux Kernel

3433 CVEs product

Monthly

CVE-2024-41096 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Fix UAF in msi_capability_init KFENCE reports the following UAF: BUG: KFENCE: use-after-free read in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Linux Use After Free Memory Corruption Debian Linux +1
NVD
CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2021-47254 HIGH PATCH This Week

A use-after-free vulnerability exists in the GFS2 filesystem implementation of the Linux kernel, specifically in the gfs2_glock_shrink_scan function. The vulnerability affects multiple Linux kernel versions ranging from 4.4 through 5.13-rc2, allowing local attackers with low privileges to potentially achieve arbitrary code execution, information disclosure, or system crashes. With an EPSS score of only 0.02%, this vulnerability has a very low probability of real-world exploitation despite its high CVSS score of 7.8.

Linux Use After Free Denial Of Service Linux Kernel
NVD
CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2024-35863 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Linux Use After Free Memory Corruption Linux Kernel
NVD
CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2024-35862 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions that are being teared down (status == SES_EXITING). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2024-35861 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status ==. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Linux Use After Free Memory Corruption Linux Kernel
NVD
CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2023-52658 MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's MLX5 network driver switchdev mode implementation, caused by a problematic commit (662404b24a4c4d839839ed25e3097571f5938b9b) that was reverted due to suspected instability and system crashes. Local attackers with low privileges can trigger this vulnerability to cause system unavailability or kernel crashes without user interaction. The vulnerability affects Linux kernel versions 6.3 through 6.8-rc1, with an EPSS score of 0.02% indicating low exploitation probability in the wild, though patches are available from the kernel maintainers.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1: 5.5 | EPSS: 0.0%

CVE-2024-26822 MEDIUM PATCH This Month

This vulnerability in the Linux kernel's SMB client implementation fails to properly set user identity attributes (uid, gid, cruid) during multiuser automount operations, causing child mounts to inherit credentials from the parent mount instead of dynamically assigning correct values. A local attacker with unprivileged user access can exploit this to gain unauthorized access to files or perform operations with elevated privileges on SMB shares, potentially leading to privilege escalation. The vulnerability affects multiple kernel versions from 5.15.124 through 6.8-rc4, patches are available from the kernel maintainers, and the EPSS score of 0.03% indicates low real-world exploitation probability despite the moderate CVSS rating.

Linux Privilege Escalation Linux Kernel
NVD
CVSS 3.1: 5.5 | EPSS: 0.0%

CVE-2024-26798 MEDIUM PATCH This Month

A memory management flaw exists in the Linux kernel's framebuffer console (fbcon) font handling code where system fonts fail to be restored to their previous state when a vc_resize() operation fails during fbcon_do_set_font(). This oversight allows subsequent font_get() calls to access corrupted or uninitialized memory, leading to kernel crashes and denial of service. The vulnerability affects Linux kernel versions up to and including 6.8-rc6, requires local user privileges to trigger, and is difficult but reproducible with fault injection techniques as demonstrated by Syzkaller.

Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1: 5.5 | EPSS: 0.0%

CVE-2024-26655 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's posix_clock_open() function where allocated pccontext memory is not properly released if the clock operations open() callback returns an error. This affects Linux kernel versions including 6.9-rc1 and potentially earlier releases across all architectures. An unprivileged local attacker with standard user privileges can trigger repeated failed clock open operations to exhaust kernel memory and cause denial of service, though the extremely low EPSS score of 0.01% indicates exploitation in the wild is unlikely despite the vulnerability being patched across multiple kernel versions.

Linux Memory Corruption Linux Kernel
NVD VulDB
CVSS 3.1: 5.5 | EPSS: 0.0%

CVE-2024-0443 MEDIUM This Month

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1: 5.5 | EPSS: 0.0%

CVE-2024-0340 MEDIUM PATCH Monitor

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1: 4.4 | EPSS: 0.0%

CVE-2024-0193 HIGH PATCH This Month

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Privilege Escalation Use After Free Linux Kernel +1
NVD
CVSS 3.1: 7.8 | EPSS: 0.1%

CVE-2022-0847 HIGH POC KEV PATCH THREAT Act Now

Linux kernel contains a flaw known as 'Dirty Pipe' where improper pipe buffer flag initialization allows unprivileged local users to overwrite read-only files, enabling trivial privilege escalation to root on Linux 5.8+.

Linux Kernel
NVD Exploit-DB
CVSS 3.1: 7.8 | EPSS: 82.7% | Threat: 5.1