VIR Vulnerability Intelligence Relay

CVEs from 2023

6,664 normalized CVEs published or assigned in this year.

Total
6,664
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
3.3%
% with KEV
2.4%
% with exploit
2.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • openstack_platform 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • registrationmagic 6
  • codeready_linux_builder_eus 6
  • cbot_panel 6

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2023-54100 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qedi_remove() In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work… redhatsusedebian
CVE-2023-54096 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: soundwire: fix enumeration completion The soundwire subsystem uses two completion structures that allow drivers to wait for sound… redhatsusedebian
CVE-2023-54091 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_target_cloned dmt_mode is allocated and never freed in this function. It was found with… redhatsusedebian
CVE-2023-54076 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifs_smb_ses_inc_refcount() helper to get an active reference of @ses and @ses->d… redhatsusedebian
CVE-2023-53052 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umo… redhatsusedebian
CVE-2023-54156 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool self… redhatsusedebian
CVE-2023-54072 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against… redhatsusedebian
CVE-2023-53057 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hci_init_stage_sync(stage) considers that stage[i] is v… redhatsusedebian
CVE-2023-54069 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow When we calculate the end position of ext4_free_extent, this position may… redhatsusedebian
CVE-2023-54070 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 ("igb: Enable SR-IOV after reinit"), removing the… redhatsusedebian
CVE-2023-53293 high 8.0 2y ago RHSA-2024:2394: kernel security, bug fix, and enhancement update (Important) redhatsuse
CVE-2023-54186 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: fix pin_assignment_show This patch fixes negative indexing of buf array in pin_assignment_show … redhatsusedebian
CVE-2023-54064 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Fix a memory leak when scanning for an adapter The adapter scan ssif_info_find() sets info->adapter_name if the adapte… redhatsusedebian
CVE-2023-53094 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: fix race on RX DMA shutdown From time to time DMA completion can come in the middle of DMA shutdown: <p… redhatsusedebian
CVE-2023-54062 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move_to_block(), the value of the extended attribute … redhatsusedebian
CVE-2023-54060 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this was… redhatsusedebian
CVE-2023-32359 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian
CVE-2023-54052 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem… redhatsusedebian
CVE-2023-54048 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Drive… redhatsusedebian
CVE-2023-53047 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may lead t… redhatsusedebian
CVE-2023-41915 high 8.0 2y ago Important: pmix security update redhatsuserockylinuxdebian
CVE-2023-53097 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it… redhatsusedebian
CVE-2023-53046 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hci_cmd_sync_clear There is a potential race condition in hci_cmd_sync_work and hci_cmd_sync_cle… redhatsusedebian
CVE-2023-45232 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-45235 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-54033 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps The LRU and LRU_PERCPU maps allocate a new element on update before lo… redhatsusedebian
CVE-2023-54038 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no… redhatsusedebian
CVE-2023-54031 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr … redhatsusedebian
CVE-2023-54030 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: io_uring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performan… redhatsusedebian
CVE-2023-54028 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" In the function rxe_create_qp(), rxe_qp_from_init… redhatsusedebian
CVE-2023-54022 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocation and initialization errors at alloc_midi_urb… redhatsusedebian
CVE-2023-54021 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_… redhatsusedebian
CVE-2023-54026 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: opp: Fix use-after-free in lazy_opp_tables after probe deferral When dev_pm_opp_of_find_icc_paths() in _allocate_opp_table() retu… redhatsusedebian
CVE-2023-54016 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak in rx_desc and tx_desc Currently when ath12k_dp_cc_desc_init() is called we allocate memory to rx_d… redhatsusedebian
CVE-2023-54014 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Klocwork reported warning of rport maybe NULL and will be derefere… redhatsusedebian
CVE-2023-54251 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. syzkaller found zero division error [0] in div_s64_rem() ca… redhatsusedebian
CVE-2023-3446 high 8.0 2y ago Important: edk2 security update rockylinuxredhatsusedebian
CVE-2023-54006 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-race around unix_tot_inflight. unix_tot_inflight is changed under spin_lock(unix_gc_lock), but unix_release_soc… redhatsusedebian
CVE-2023-52999 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path If net_assign_generic() fails, the current error path in ops_init() tries to cl… redhatsusedebian
CVE-2023-54003 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix GID entry ref leak when create_ah fails If AH create request fails, release sgid_attr to avoid GID entry referrenc… redhatsusedebian
CVE-2023-53999 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra post_act rules are added to post_act tab… redhatsusedebian
CVE-2023-53019 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bound… redhatsusedebian
CVE-2023-53018 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leaks When hci_cmd_sync_queue() failed in hci_le_terminate_big() or hci_le_big_terminate(), the m… redhatsusedebian
CVE-2023-53993 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y After a pci_doe_task completes, its work_struct needs to be destroyed to avo… redhatsusedebian
CVE-2023-52934 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups In commit 34488399fa08 ("mm/madvise: add file and shmem support to MADV_COLL… redhatsusedebian
CVE-2023-53992 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just… redhatsusedebian
CVE-2023-53990 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifs_del_deferred_close function has a critical section which modifie… redhatsusedebian
CVE-2023-53017 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix memory leak in hci_update_adv_data() When hci_cmd_sync_queue() failed in hci_update_adv_data(), inst_ptr… redhatsusedebian
CVE-2023-53209 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, t… redhatsusedebian
CVE-2023-53148 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: igb: Fix igb_down hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet and a display through USB Type… redhatsusedebian
CVE-2023-53995 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bo… redhatsusedebian
CVE-2023-54302 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is read lockesly in irdma_wait_event and irdma_check_… redhatsusedebian
CVE-2023-53860 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: dm: don't attempt to queue IO under RCU protection dm looks up the table for IO based on the request type, with an assumption tha… redhatsusedebian
CVE-2023-53857 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_sk_storage: Fix invalid wait context lockdep report './test_progs -t test_local_storage' reported a splat: [ 27.13756… redhatsusedebian
CVE-2023-53847 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media() Syzbot got KMSAN to complain about access to an uninitialized value… redhatsusedebian
CVE-2023-53848 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix a deadlock in r5l_exit_log() Commit b13015af94cf ("md/raid5-cache: Clear conf->log after finishing work") int… redhatsusedebian
CVE-2023-53487 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas_flash: allow user copy to flash block cache objects With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), usi… redhatsusedebian
CVE-2023-53581 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOT_READY flag state after locking Currently the check for NOT_READY flag is performed before obtaining the … redhatsusedebian
CVE-2023-54316 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: refscale: Fix uninitalized use of wait_queue_head_t Running the refscale test occasionally crashes the kernel with the following … redhatsusedebian
CVE-2023-53164 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe of_irq_find_parent() returns a node pointer with refcount incre… redhatsusedebian
CVE-2023-53844 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on swapout move error If moving the bo to system for swapout failed, we were leaking a resource. F… redhatsusedebian
CVE-2023-53235 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using __drm_kunit_helper_alloc_drm_device() the driver may be dereferenced by device-… redhatsusedebian
CVE-2023-53843 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs in an xarray")) re… redhatsusedebian
CVE-2023-53842 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove The MBHC resources must be released on component probe failure … redhatsusedebian
CVE-2023-53016 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. Whil… redhatsusedebian
CVE-2023-52881 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Ro… redhatrockylinuxsusedebian+1
CVE-2023-53823 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: block/rq_qos: protect rq_qos apis with a new lock commit 50e34d78815e ("block: disable the elevator int del_gendisk") move rq_qos… redhatsusedebian
CVE-2023-53819 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va This is motivated by OOB access in amdgpu_vm_update_range when offset_in_bo+ma… redhatsusedebian
CVE-2023-53813 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix rbtree traversal bug in ext4_mb_use_preallocated During allocations, while looking for preallocations(PA) in the per in… redhatsusedebian
CVE-2023-6531 high 8.0 2y ago A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. redhatsusedebianalmalinux
CVE-2023-40414 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian
CVE-2023-53810 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk_crypto_key has completed, filesystems can c… redhatsusedebian
CVE-2023-54242 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: block, bfq: Fix division by zero error on zero wsum When the weighted sum is zero the calculation of limit causes a division by z… redhatsusedebian
CVE-2023-53806 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: populate subvp cmd info only for the top pipe [Why] System restart observed while changing the display resolutio… redhatsusedebian
CVE-2023-53791 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev() Commit a1d767191096 ("md: use mddev->external to select holder in export_r… redhatsusedebian
CVE-2023-53821 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set to the qdisc of the sfb type, the cb field of the… redhatsusedebian
CVE-2023-53004 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ovl: fix tmpfile leak Missed an error cleanup. redhatsusedebian
CVE-2023-53863 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes addre… redhatsusedebian
CVE-2023-53784 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dw_hdmi: fix connector access for scdc Commit 5d844091f237 ("drm/scdc-helper: Pimp SCDC debugs") changed the scdc in… redhatsusedebian
CVE-2023-54135 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offse… redhatsusedebian
CVE-2023-53632 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features() Hold RTNL lock when calling xdp_set_features() with a reg… redhatsusedebian
CVE-2023-52529 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb()… redhatsusedebianalmalinux
CVE-2023-53652 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: vdpa: Add features attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr whe… redhatsusedebian
CVE-2023-45231 high 8.0 2y ago Important: edk2 security update redhatdebiansuserockylinux
CVE-2023-53761 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer found a problem in the usbtmc driver: When a use… redhatsusedebian
CVE-2023-53661 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid overflow in bnxt_get_nvram_directory() The value of an arithmetic expression is subject of possible overflow due to a… redhatsusedebian
CVE-2023-54160 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: firmware: arm_sdei: Fix sleep from invalid context BUG Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra trigge… redhatsusedebian
CVE-2023-45288 high 8.0 2y ago Important: git-lfs security update redhatrockylinuxsusedebian+1
CVE-2023-40547 high 8.0 2y ago Important: shim bug fix update redhatsusedebian
CVE-2023-40551 high 8.0 2y ago Important: shim bug fix update redhatsusedebian
CVE-2023-40546 high 8.0 2y ago Important: shim bug fix update redhatsusedebian
CVE-2023-40550 high 8.0 2y ago Important: shim bug fix update redhatsusedebian
CVE-2023-40549 high 8.0 2y ago Important: shim bug fix update redhatsusedebian
CVE-2023-40548 high 8.0 2y ago Important: shim bug fix update redhatsusedebian
CVE-2023-6516 high 8.0 2y ago Important: bind security update redhatdebianrockylinuxsuse
CVE-2023-5679 high 8.0 2y ago Important: bind security update redhatdebianrockylinuxsuse
CVE-2023-4408 high 8.0 2y ago Important: bind security update redhatdebianrockylinuxsuse
CVE-2023-5517 high 8.0 2y ago Important: bind security update redhatdebianrockylinuxsuse
CVE-2023-48275 high 8.0 8.0 2y ago Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.
CVE-2023-46809 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian