VIR Vulnerability Intelligence Relay

CVEs from 2023

6,664 normalized CVEs published or assigned in this year.

Total
6,664
critical
critical 221
high
high 1,562
medium
medium 1,264
low
low 23
% Critical
3.3%
% with KEV
2.4%
% with exploit
2.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • registrationmagic 6
  • codeready_linux_builder_eus 6
  • cbot_panel 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • openstack_platform 6

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2023-54030 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: io_uring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performan… redhatsusedebian
CVE-2023-53152 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix calltrace warning in amddrm_buddy_fini The following call trace is observed when removing the amdgpu driver, whic… redhatsusedebian
CVE-2023-54242 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: block, bfq: Fix division by zero error on zero wsum When the weighted sum is zero the calculation of limit causes a division by z… redhatsusedebian
CVE-2023-54031 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr … redhatsusedebian
CVE-2023-53097 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it… redhatsusedebian
CVE-2023-52984 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe() function is only used for the DP83822 PHY, leav… redhatsusedebian
CVE-2023-53016 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. Whil… redhatsusedebian
CVE-2023-53649 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: perf trace: Really free the evsel->priv area In 3cb4d5e00e037c70 ("perf trace: Free syscall tp fields in evsel->priv") it only wa… redhatsusedebian
CVE-2023-54022 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocation and initialization errors at alloc_midi_urb… redhatsusedebian
CVE-2023-53821 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set to the qdisc of the sfb type, the cb field of the… redhatsusedebian
CVE-2023-54014 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Klocwork reported warning of rport maybe NULL and will be derefere… redhatsusedebian
CVE-2023-54060 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this was… redhatsusedebian
CVE-2023-54135 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offse… redhatsusedebian
CVE-2023-53354 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 ("skbuff: in skb_segment, call zeroco… redhatsusedebian
CVE-2023-53550 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix global sysfs attribute type In commit 3666062b87ec ("cpufreq: amd-pstate: move to use bus_get_dev_root()… redhatsusedebian
CVE-2023-54016 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak in rx_desc and tx_desc Currently when ath12k_dp_cc_desc_init() is called we allocate memory to rx_d… redhatsusedebian
CVE-2023-53208 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1… redhatsusedebian
CVE-2023-54064 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Fix a memory leak when scanning for an adapter The adapter scan ssif_info_find() sets info->adapter_name if the adapte… redhatsusedebian
CVE-2023-53270 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding i_size problem in paritally written case It is possible for i_disksize can exceed i_size, triggeri… redhatsusedebian
CVE-2023-53661 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid overflow in bnxt_get_nvram_directory() The value of an arithmetic expression is subject of possible overflow due to a… redhatsusedebian
CVE-2023-53465 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: soundwire: qcom: fix storing port config out-of-bounds The 'qcom_swrm_ctrl->pconfig' has size of QCOM_SDW_MAX_PORTS (14), however… redhatsusedebian
CVE-2023-54006 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-race around unix_tot_inflight. unix_tot_inflight is changed under spin_lock(unix_gc_lock), but unix_release_soc… redhatsusedebian
CVE-2023-54003 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix GID entry ref leak when create_ah fails If AH create request fails, release sgid_attr to avoid GID entry referrenc… redhatsusedebian
CVE-2023-53999 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra post_act rules are added to post_act tab… redhatsusedebian
CVE-2023-53995 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bo… redhatsusedebian
CVE-2023-53258 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible underflow for displays with large vblank [Why] Underflow observed when using a display with a large… redhatsusedebian
CVE-2023-53993 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y After a pci_doe_task completes, its work_struct needs to be destroyed to avo… redhatsusedebian
CVE-2023-53992 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just… redhatsusedebian
CVE-2023-54021 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_… redhatsusedebian
CVE-2023-53663 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN inst… redhatsusedebian
CVE-2023-53665 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after export_rdev() Except for initial reference, mddev->kobject is referenced by rdev->kobject, and … redhatsusedebian
CVE-2023-53848 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix a deadlock in r5l_exit_log() Commit b13015af94cf ("md/raid5-cache: Clear conf->log after finishing work") int… redhatsusedebian
CVE-2023-53847 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media() Syzbot got KMSAN to complain about access to an uninitialized value… redhatsusedebian
CVE-2023-53709 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rb_move_tail and rb_check_pages It seems a data race between ring_buffer writing and integrity c… redhatsusedebian
CVE-2023-53843 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs in an xarray")) re… redhatsusedebian
CVE-2023-53844 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on swapout move error If moving the bo to system for swapout failed, we were leaking a resource. F… redhatsusedebian
CVE-2023-53857 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_sk_storage: Fix invalid wait context lockdep report './test_progs -t test_local_storage' reported a splat: [ 27.13756… redhatsusedebian
CVE-2023-53645 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Make bpf_refcount_acquire fallible for non-owning refs This patch fixes an incorrect assumption made in the original bpf_ref… redhatsusedebian
CVE-2023-53842 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove The MBHC resources must be released on component probe failure … redhatsusedebian
CVE-2023-53585 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpf_sk_assign The semantics for bpf_sk_assign are as follows: sk = some_lookup_func() bp… redhatsusedebian
CVE-2023-53490 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite commit 0ad529d9fd2b ("mptcp: fix possible divide by zero in recvmsg()"), the mptcp p… redhatsusedebian
CVE-2023-53228 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in amd… redhatsusedebian
CVE-2023-52999 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path If net_assign_generic() fails, the current error path in ops_init() tries to cl… redhatsusedebian
CVE-2023-53632 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features() Hold RTNL lock when calling xdp_set_features() with a reg… redhatsusedebian
CVE-2023-53863 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes addre… redhatsusedebian
CVE-2023-52881 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Ro… redhatrockylinuxsusedebian+1
CVE-2023-53525 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Allow UD qp_type to join multicast only As for multicast: - The SIDR is the only mode that makes sense; - Besides PS_UD… redhatsusedebian
CVE-2023-53621 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, we attempt to retrieve the memcg to whi… redhatsusedebian
CVE-2023-53150 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport(… redhatsusedebian
CVE-2023-53057 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hci_init_stage_sync(stage) considers that stage[i] is v… redhatsusedebian
CVE-2023-53726 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c ("arm64: csum: Fix pathological… redhatsusedebian
CVE-2023-53833 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL ptr deref by checking new_crtc_state intel_atomic_get_new_crtc_state can return NULL, unless crtc state wasn't… redhatsusedebian
CVE-2023-53501 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind When unbinding pasid - a race condition exists vs … redhatsusedebian
CVE-2023-54184 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That … redhatsusedebian
CVE-2023-54090 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix panic during XDP_TX with > 64 CPUs Commit 4fe815850bdc ("ixgbe: let the xdpdrv work with more than 64 cpus") adds supp… redhatsusedebian
CVE-2023-53545 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: unmap and remove csa_va properly Root PD BO should be reserved before unmap and remove a bo_va from VM otherwise lock… redhatsusedebian
CVE-2023-45235 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-53819 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB access in amdgpu_vm_update_range when offset_in_bo+ma… redhatsusedebian
CVE-2023-54008 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: virtio_vdpa: build affinity masks conditionally We try to build affinity mask via create_affinity_masks() unconditionally which m… redhatsusedebian
CVE-2023-53813 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix rbtree traversal bug in ext4_mb_use_preallocated During allocations, while looking for preallocations(PA) in the per in… redhatsusedebian
CVE-2023-53823 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: block/rq_qos: protect rq_qos apis with a new lock commit 50e34d78815e ("block: disable the elevator int del_gendisk") move rq_qos… redhatsusedebian
CVE-2023-53180 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid NULL pointer access during management transmit cleanup Currently 'ar' reference is not added in skb_cb. Thoug… redhatsusedebian
CVE-2023-53652 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: vdpa: Add features attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr whe… redhatsusedebian
CVE-2023-53371 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create The memory pointed to by the fs->any pointer is not freed in the er… redhatsusedebian
CVE-2023-53810 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk_crypto_key has completed, filesystems can c… redhatsusedebian
CVE-2023-53806 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe [Why] System restart observed while changing the display resolutio… redhatsusedebian
CVE-2023-53019 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bound… redhatsusedebian
CVE-2023-53791 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev() Commit a1d767191096 ("md: use mddev->external to select holder in export_r… redhatsusedebian
CVE-2023-53784 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dw_hdmi: fix connector access for scdc Commit 5d844091f237 ("drm/scdc-helper: Pimp SCDC debugs") changed the scdc in… redhatsusedebian
CVE-2023-45289 high 8.0 2y ago Important: golang security update redhatrockylinuxsusedebian+2
CVE-2023-53164 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe of_irq_find_parent() returns a node pointer with refcount incre… redhatsusedebian
CVE-2023-45232 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-52973 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF After a call to console_unlock() in vcs_read() the vc_d… redhatsusedebian
CVE-2023-53559 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of the sfb type, the cb field… redhatsusedebian
CVE-2023-53761 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer found a problem in the usbtmc driver: When a use… redhatsusedebian
CVE-2023-42754 high 8.0 2y ago A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always t… redhatrockylinuxsusedebian+1
CVE-2023-45233 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-54221 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe In function probe(), it returns directly without unregi… redhatsusedebian
CVE-2023-53612 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Simplify platform device handling Coretemp's platform driver is unconventional. All the real work is done globa… redhatsusedebian
CVE-2023-53546 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx when mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the … redhatsusedebian
CVE-2023-53990 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifs_del_deferred_close function has a critical section which modifie… redhatsusedebian
CVE-2023-5574 high 8.0 2y ago Important: tigervnc security update redhatsusedebianalmalinux
CVE-2023-42852 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-53743 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: PCI: Free released resource after coalescing release_resource() doesn't actually free the resource or resource list entry so free… redhatsusedebian
CVE-2023-53751 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname TCP_Server_Info::hostname may be updated once or many times … redhatsusedebian
CVE-2023-41983 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-42890 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-53713 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a predicate register which can vary between 16 … redhatsusedebian
CVE-2023-53711 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a… redhatsusedebian
CVE-2023-32359 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-53722 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-o… redhatsusedebian
CVE-2023-53304 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix overlap expiration walk The lazy gc on insert that should remove timed-out entries fails to releas… redhatsusedebian
CVE-2023-40414 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-54254 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on eviction error On eviction errors other than -EMULTIHOP we were leaking a resource. Fix. v2: -… redhatsusedebian
CVE-2023-39928 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-41915 high 8.0 2y ago Important: pmix security update redhatsuserockylinuxdebian+1
CVE-2023-42883 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian+1
CVE-2023-53696 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() There is a memory leak reported by kmemleak: unreferenced object 0xffffc… redhatsusedebian
CVE-2023-52489 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory … redhatrockylinuxsusedebian+1
CVE-2023-51780 high 8.0 2y ago An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. redhatrockylinuxsusedebian+1