VIR Vulnerability Intelligence Relay

CVEs from 2023

6,671 normalized CVEs published or assigned in this year.

Total
6,671
critical
critical 222
high
high 1,565
medium
medium 1,266
low
low 28
% Critical
3.3%
% with KEV
2.4%
% with exploit
2.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • registrationmagic 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • cbot_panel 6
  • codeready_linux_builder_eus 6
  • openstack_platform 6

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2023-52880 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP… redhatsusedebianalmalinux
CVE-2023-52771 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix delete_endpoint() vs parent unregistration race The CXL subsystem, at cxl_mem ->probe() time, establishes a lineage… redhatsusedebianalmalinux
CVE-2023-52864 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private… redhatrockylinuxsusedebian+1
CVE-2023-52651 high 8.0 2y ago Important: kernel security update redhatsuserockylinuxalmalinux
CVE-2023-52796 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound() helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack … redhatrockylinuxsusedebian+1
CVE-2023-52623 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running p… rockylinuxsusedebianalmalinux
CVE-2023-52530 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 d… rockylinuxsusedebianalmalinux
CVE-2023-52803 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir… rockylinuxsusedebianalmalinux
CVE-2023-52847 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_ir… rockylinuxsusedebianalmalinux
CVE-2023-52764 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in dri… rockylinuxsusedebianalmalinux
CVE-2023-52777 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event … rockylinuxsusedebianalmalinux
CVE-2023-52653 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2… rockylinuxsusedebianalmalinux
CVE-2023-52845 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: … rockylinuxsusedebianalmalinux
CVE-2023-52471 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in ice_ptp.c devm_kasprintf() returns a pointer to dynamically allocated memory whi… rockylinuxsusedebianalmalinux
CVE-2023-52638 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock The following 3 locks would race against each other, causing … redhatsuserockylinuxdebian+1
CVE-2023-52700 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.39… rockylinuxsusedebianalmalinux
CVE-2023-52669 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole blo… rockylinuxsusedebianalmalinux
CVE-2023-52675 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memo… rockylinuxsusedebianalmalinux
CVE-2023-52877 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on … rockylinuxsusedebianalmalinux
CVE-2023-52835 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: perf/core: Bail out early if the request AUX area is out of bound When perf-record with a large AUX area, e.g 4GB, it fails with:… rockylinuxsusedebianalmalinux
CVE-2023-52781 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descr… rockylinuxsusedebianalmalinux
CVE-2023-4727 high 8.0 2y ago Important: pki-core security update redhatrockylinuxdebian
CVE-2023-6597 high 8.0 2y ago Important: python3.9 security update redhatrockylinuxsusedebian+1
CVE-2023-20592 high 8.0 2y ago Important: linux-firmware security update debianrockylinuxsuse
CVE-2023-53709 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rb_move_tail and rb_check_pages It seems a data race between ring_buffer writing and integrity c… redhatsusedebian
CVE-2023-53351 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/sched: Check scheduler work queue before calling timeout handling During an IGT GPU reset test we see again oops despite of c… redhatsusedebian
CVE-2023-42890 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-53791 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev() Commit a1d767191096 ("md: use mddev->external to select holder in export_r… redhatsusedebian
CVE-2023-54263 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP Fixes OOPS on boards with ANX9805 DP encoders. redhatsusedebian
CVE-2023-53471 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras gfx9 cp_ecc_error_irq is only enabled when legacy… redhatsusedebian
CVE-2023-53258 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible underflow for displays with large vblank [Why] Underflow observed when using a display with a large… redhatsusedebian
CVE-2023-54261 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add missing gfx11 MQD manager callbacks mqd_stride function was introduced in commit 2f77b9a242a2 ("drm/amdkfd: Updat… redhatsusedebian
CVE-2023-53415 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, ot… redhatsusedebian
CVE-2023-54324 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrieve_deps There's a race condition in the multipath target when retrieve_deps races with multipat… redhatsusedebian
CVE-2023-53473 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: improve error handling from ext4_dirhash() The ext4_dirhash() will *almost* never fail, especially when the hash tree featu… redhatsusedebian
CVE-2023-52984 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe() function is only used for the DP83822 PHY, leav… redhatsusedebian
CVE-2023-39928 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-52999 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path If net_assign_generic() fails, the current error path in ops_init() tries to cl… redhatsusedebian
CVE-2023-52985 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8mm-verdin: Do not power down eth-phy Currently if suspending using either freeze or memory state, the fec driver … redhatsusedebian
CVE-2023-54326 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_test_remove(), freeing the IRQs after removing the … redhatsusedebian
CVE-2023-54316 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: refscale: Fix uninitalized use of wait_queue_head_t Running the refscale test occasionally crashes the kernel with the following … redhatsusedebian
CVE-2023-53285 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would have been… redhatsusedebian
CVE-2023-53275 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() The variable codec->regmap is often… redhatsusedebian
CVE-2023-52940 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration lru_gen_migrate_mm() assumes lru_gen_add_mm() runs prior to itself. This is… redhatsusedebian
CVE-2023-53848 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix a deadlock in r5l_exit_log() Commit b13015af94cf ("md/raid5-cache: Clear conf->log after finishing work") int… redhatsusedebian
CVE-2023-54038 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no… redhatsusedebian
CVE-2023-42875 high 8.0 2y ago Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory… redhatarchsusedebian
CVE-2023-54030 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: io_uring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performan… redhatsusedebian
CVE-2023-45229 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-53847 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media() Syzbot got KMSAN to complain about access to an uninitialized value… redhatsusedebian
CVE-2023-54031 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr … redhatsusedebian
CVE-2023-32359 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-54033 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps The LRU and LRU_PERCPU maps allocate a new element on update before lo… redhatsusedebian
CVE-2023-53152 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix calltrace warning in amddrm_buddy_fini The following call trace is observed when removing the amdgpu driver, whic… redhatsusedebian
CVE-2023-53151 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup while flush writes Currently, there is no limit for raid1/raid10 plugged bio. While flushing write… redhatsusedebian
CVE-2023-52578 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from mult… redhatrockylinuxsusedebian+1
CVE-2023-53149 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid deadlock in fs reclaim with page writeback Ext4 has a filesystem wide lock protecting ext4_writepages() calls to avoi… redhatsusedebian
CVE-2023-41915 high 8.0 2y ago Important: pmix security update redhatsuserockylinuxdebian+1
CVE-2023-54197 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" This reverts commit 1e9ac114c4428fdb7f… redhatsusedebian
CVE-2023-54026 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: opp: Fix use-after-free in lazy_opp_tables after probe deferral When dev_pm_opp_of_find_icc_paths() in _allocate_opp_table() retu… redhatsusedebian
CVE-2023-53228 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in amd… redhatsusedebian
CVE-2023-52478 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (T… redhatrockylinuxsusedebian+1
CVE-2023-45233 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-53263 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create We can't simply free the connector after calli… redhatsusedebian
CVE-2023-39193 high 8.0 2y ago A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an ou… redhatrockylinuxsusedebian+1
CVE-2023-52486 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drm_mode_… redhatrockylinuxsusedebian+1
CVE-2023-40414 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-52581 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switc… redhatrockylinuxsusedebian+1
CVE-2023-53580 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC ga… redhatsusedebian
CVE-2023-52470 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_in… redhatrockylinuxsusedebian+1
CVE-2023-54028 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" In the function rxe_create_qp(), rxe_qp_from_init… redhatsusedebian
CVE-2023-53647 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't dereference ACPI root object handle Since the commit referenced in the Fixes: tag below the VMBus clien… redhatsusedebian
CVE-2023-41983 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-53713 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a predicate register which can vary between 16 … redhatsusedebian
CVE-2023-53784 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dw_hdmi: fix connector access for scdc Commit 5d844091f237 ("drm/scdc-helper: Pimp SCDC debugs") changed the scdc in… redhatsusedebian
CVE-2023-39189 high 8.0 2y ago A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_N… redhatrockylinuxsusedebian+1
CVE-2023-53164 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe of_irq_find_parent() returns a node pointer with refcount incre… redhatsusedebian
CVE-2023-52580 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff patte… redhatrockylinuxsusedebian+1
CVE-2023-53621 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, we attempt to retrieve the memcg to whi… redhatsusedebian
CVE-2023-28866 high 8.0 2y ago In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. redhatsusedebianalmalinux
CVE-2023-53586 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUN_RESET handling This fixes a bug where an initiator thinks a LUN_RESET has cleaned up running comma… redhatsusedebian
CVE-2023-31083 high 8.0 2y ago An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is s… redhatrockylinuxsusedebian+1
CVE-2023-39194 high 8.0 2y ago A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw … redhatrockylinuxsusedebian+1
CVE-2023-53649 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: perf trace: Really free the evsel->priv area In 3cb4d5e00e037c70 ("perf trace: Free syscall tp fields in evsel->priv") it only wa… redhatsusedebian
CVE-2023-52597 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a… redhatsusedebianalmalinux
CVE-2023-52976 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efi_mem_reserve_persistent When iterating on a linked list, a result of memremap is dereferenced… redhatsusedebian
CVE-2023-54120 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race condition in hidp_session_thread that may lead to … redhatsusedebian
CVE-2023-42852 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-54254 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on eviction error On eviction errors other than -EMULTIHOP we were leaking a resource. Fix. v2: -… redhatsusedebian
CVE-2023-4133 high 8.0 2y ago A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work … redhatrockylinuxsusedebian+1
CVE-2023-39198 high 8.0 2y ago A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the … redhatrockylinuxsusedebian+1
CVE-2023-53016 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. Whil… redhatsusedebian
CVE-2023-54260 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL,… redhatsusedebian
CVE-2023-53352 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/ttm: check null pointer before accessing when swapping Add a check to avoid null pointer dereference as below: [ 90.002283… redhatsusedebian
CVE-2023-53335 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() If get_ep_from_tid() fails to lookup non-NULL value for ep, ep is de… redhatsusedebian
CVE-2023-53857 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_sk_storage: Fix invalid wait context lockdep report './test_progs -t test_local_storage' reported a splat: [ 27.13756… redhatsusedebian
CVE-2023-45232 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-54022 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocation and initialization errors at alloc_midi_urb… redhatsusedebian
CVE-2023-53270 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding i_size problem in paritally written case It is possible for i_disksize can exceed i_size, triggeri… redhatsusedebian
CVE-2023-53577 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode e… redhatsusedebian