VIR Vulnerability Intelligence Relay

CVEs from 2023

6,976 normalized CVEs published or assigned in this year.

Total
6,976
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
3.2%
% with KEV
2.3%
% with exploit
2.4%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • openstack_platform 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • registrationmagic 6
  • codeready_linux_builder_eus 6
  • cbot_panel 6

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2023-52731 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the d… redhatsusedebian
CVE-2023-52749 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system… redhatsusedebian
CVE-2023-52757 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no… redhatsusedebian
CVE-2023-52788 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: i915/perf: Fix NULL deref bugs with drm_dbg() calls When i915 perf interface is not available dereferencing it will lead to NULL … redhatsusedebian
CVE-2023-52814 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, s… redhatsusedebian
CVE-2023-52819 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexibl… redhatsusedebian
CVE-2023-52831 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, th… redhatsusedebian
CVE-2023-52833 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Add date->evt_skb is NULL check fix crash because of null pointers [ 6104.969662] BUG: kernel NULL pointer der… redhatsusedebian
CVE-2023-52837 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_di… redhatsusedebian
CVE-2023-44431 medium 5.5 2y ago Moderate: bluez security update redhatdebiansuserockylinux
CVE-2023-52867 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after acces… redhatsusedebian
CVE-2023-51592 medium 5.5 2y ago Moderate: bluez security update redhatdebiansuserockylinux
CVE-2023-51594 medium 5.5 2y ago Moderate: bluez security update redhatdebiansuserockylinux
CVE-2023-53752 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmalloc_reserve() Blamed commit changed: ptr = kmalloc(size); if (ptr) size = k… redhatsusedebian
CVE-2023-53708 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`… redhatsusedebian
CVE-2023-53391 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfs_init_fs_context() for the … redhatsusedebian
CVE-2023-53470 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ionic: catch failure from devlink_alloc Add a check for NULL on the alloc return. If devlink_alloc() fails and we try to use dev… redhatsusedebian
CVE-2023-53704 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() Replace of_iomap() and kzalloc() with devm_of_iomap() and d… redhatsusedebian
CVE-2023-54095 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup() registers the fail_iommu_bus_notifier struct to… redhatsusedebian
CVE-2023-54010 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects ACPICA commit 0d5f467d6a0ba852ea3aad68663cbc… redhatsusedebian
CVE-2023-53505 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error handling path, otherwise i… redhatsusedebian
CVE-2023-53483 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup() devm_kzalloc() may fail, clk_data->name might be NUL… redhatsusedebian
CVE-2023-53687 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we itera… redhatsusedebian
CVE-2023-54093 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null… redhatsusedebian
CVE-2023-53503 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4_get_group_info() to fail Previously, ext4_get_group_info() would treat an invalid group number as BUG(), since i… redhatsusedebian
CVE-2023-53702 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 ("crypto: s390 - add crypto library inter… redhatsusedebian
CVE-2023-54066 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer In gl861_i2c_master_xfer, msg is controlled by user. When m… redhatsusedebian
CVE-2023-54172 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware that supports Indirect Branch Tracking (IBT), Hyp… redhatsusedebian
CVE-2023-54114 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() As the call trace shows, skb_panic was caused by wrong sk… redhatsusedebian
CVE-2023-52664 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_… redhatsusedebian
CVE-2023-53861 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: correct grp validation in ext4_mb_good_group Group corruption check will access memory of grp and will trigger kernel crash… redhatsusedebian
CVE-2023-53182 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e Be… redhatsusedebian
CVE-2023-53662 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} If the filename casefolding fails, we'll be leaking memory f… redhatsusedebian
CVE-2023-53059 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `… redhatsusedebian
CVE-2023-53744 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe wkup_m3_ipc_get() takes refcount, which should be freed by wkup_m3_ipc_put(… redhatsusedebian
CVE-2023-53395 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI sp… redhatsusedebian
CVE-2023-53176 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the gene… redhatsusedebian
CVE-2023-53858 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error If clk_get_rate() fails, the clk that has… redhatsusedebian
CVE-2023-38709 medium 5.5 2y ago Moderate: httpd security update debianredhatrockylinuxsuse
CVE-2023-51580 medium 5.5 2y ago Moderate: bluez security update redhatdebiansuserockylinux
CVE-2023-53249 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle th… redhatsusedebian
CVE-2023-53220 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and… redhatsusedebian
CVE-2023-53402 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: kernel/printk/index.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() call… redhatsusedebian
CVE-2023-54165 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zs_map_object() to zs_malloc() Under memory pressure, we sometimes observe the following crash: [… redhatsusedebian
CVE-2023-53597 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUS_IO_TIMEOUT exce… redhatsusedebian
CVE-2023-53596 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devres_release_all() only gets called if the … redhatsusedebian
CVE-2023-54136 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak. redhatsusedebian
CVE-2023-53531 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: null_blk: fix poll request timeout handling When doing io_uring benchmark on /dev/nullb0, it's easy to crash the kernel if poll r… redhatsusedebian
CVE-2023-52466 medium 5.5 2y ago RHSA-2024:9315: kernel security update (Moderate) redhatsuse
CVE-2023-53697 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() Memory pointed by 'nd_pmu->pmu.attr_groups' is allocated in fun… redhatsusedebian
CVE-2023-54246 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() The rcuscale.holdoff module parameter can be used… redhatsusedebian
CVE-2023-53572 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use _safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use list_for_each_entr… redhatsusedebian
CVE-2023-52482 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which e… redhatsusedebian
CVE-2023-54244 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fix oops when removing custom query handlers When removing custom query handlers, the handler might still be used insid… redhatsusedebian
CVE-2023-54083 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role port, it will assign the phy dev to usb-phy dev and… redhatsusedebian
CVE-2023-53719 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() w… redhatsusedebian
CVE-2023-53230 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cifs_smb3_do_mount() This fixes the following warning reported by kernel test robot fs/smb/client/… redhatsusedebian
CVE-2023-53997 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: thermal: of: fix double-free on unregistration Since commit 3d439b1a2ad3 ("thermal/core: Alloc-copy-free the thermal zone paramet… redhatsusedebian
CVE-2023-53401 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() KCSAN found an issue in obj_stock_flush_required(): stock-… rockylinuxredhatsusedebian
CVE-2023-54268 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockdep warning in fill_pool() because the allocation f… redhatsusedebian
CVE-2023-50967 medium 5.5 2y ago Moderate: jose security update redhatdebianrockylinux
CVE-2023-53558 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic() pr_info() is called with rtp->cbs_gbl_lock spin lock locked. … redhatsusedebian
CVE-2023-52475 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate dri… redhatsusedebian
CVE-2023-51589 medium 5.5 2y ago Moderate: bluez security update redhatdebianrockylinuxsuse
CVE-2023-54019 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroup_file_release causes UAF issues w… redhatsusedebian
CVE-2023-51764 medium 5.5 2y ago Moderate: postfix security update redhatsuserockylinuxdebian
CVE-2023-52758 medium 5.5 2y ago RHSA-2024:9315: kernel security update (Moderate) redhatsuse
CVE-2023-54118 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early,… redhatsusedebian
CVE-2023-53768 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Fix out-of-bounds access when allocating config buffers When allocating the 2D array for handling IRQ type registers … redhatsusedebian
CVE-2023-53613 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: dax: Fix dax_mapping_release() use after free A CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region provider (like … redhatsusedebian
CVE-2023-54113 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: rcu: dump vmalloc memory info safely Currently, for double invoke call_rcu(), will dump rcu_head objects memory info, if the obje… redhatsusedebian
CVE-2023-53397 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in is_executable_section() The > comparison should be >= to prevent an out of bounds array access. redhatsusedebian
CVE-2023-54146 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 ("x86/kexec: fix memory leak of elf header buffer"), freei… redhatsusedebian
CVE-2023-54323 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxl_pci; modprobe -r cxl_pci; done ...f… redhatsusedebian
CVE-2023-54301 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: 8250_bcm7271: fix leak in `brcmuart_probe` Smatch reports: drivers/tty/serial/8250/8250_bcm7271.c:1120 brcmuart_probe() w… redhatsusedebian
CVE-2023-53731 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible deadlock in netlink_set_err() [1] A similar issu… redhatsusedebian
CVE-2023-54299 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typec_altmode_attention Some usb hubs will negotiate DisplayPort Alt mode with the devi… redhatsusedebian
CVE-2023-54271 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash… redhatsusedebian
CVE-2023-54267 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT lppaca_shared_proc() takes a pointer to the lppaca which is t… redhatsusedebian
CVE-2023-54291 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vduse_vdpa_set_vq_affinity callback can be called with NULL value as cpu_mask when deleting t… redhatsusedebian
CVE-2023-54227 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc set->tags[] when shrink nr_hw_queues, we need to… redhatsusedebian
CVE-2023-54194 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree The call stack shown below is a scenario in the Linux 4.19 kernel… redhatsusedebian
CVE-2023-54198 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in tty_driver_lookup_tty() When specifying an invalid console= device like console=tty3270, tty_dri… redhatsusedebian
CVE-2023-54298 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quark_dts: fix error pointer dereference If alloc_soc_dts() fails, then we can just return. Trying to free "soc_… redhatsusedebian
CVE-2023-53674 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devm_clk_notifier_register() devm_clk_notifier_register() allocates a devres resource for clk notifier bu… redhatsusedebian
CVE-2023-52467 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in of_syscon_register() kasprintf() returns a pointer to dynamically allocated memory w… redhatsusedebian
CVE-2023-52920 medium 5.5 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instruction… susedebianlinux
CVE-2023-54153 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsisten… redhatsusedebian
CVE-2023-48161 medium 5.5 2y ago Moderate: java-21-openjdk security update redhatrockylinuxdebiansuse
CVE-2023-43490 medium 5.5 2y ago Moderate: microcode_ctl security update redhatalmalinuxsusedebian+1
CVE-2023-39368 medium 5.5 2y ago Moderate: microcode_ctl security update almalinuxredhatsusedebian+1
CVE-2023-45733 medium 5.5 2y ago Moderate: microcode_ctl security update almalinuxredhatsusedebian+1
CVE-2023-46103 medium 5.5 2y ago Moderate: microcode_ctl security update almalinuxredhatsusedebian+1
CVE-2023-38575 medium 5.5 2y ago Moderate: microcode_ctl security update almalinuxredhatsusedebian+1
CVE-2023-22655 medium 5.5 2y ago Moderate: microcode_ctl security update redhatsusedebianrockylinux
CVE-2023-20584 medium 5.5 2y ago Moderate: linux-firmware security update debianredhatrockylinuxsuse
CVE-2023-31356 medium 5.5 2y ago Moderate: linux-firmware security update debianredhatrockylinuxsuse
CVE-2023-52439 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_devic… redhatrockylinuxsusedebian
CVE-2023-52801 medium 5.5 2y ago In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled… redhatsuserockylinuxdebian
CVE-2023-6349 medium 5.5 2y ago Moderate: libvpx security update rockylinuxsusedebian