7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.2%
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)
It was discovered that the Xircom PCMCIA network device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2023-1670)
It was discovered that a race condition existed in the Xen transport layer
implementation for the 9P file system protocol in the Linux kernel, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (guest crash) or expose sensitive information (guest
kernel memory). (CVE-2023-1859)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
It was discovered that the BigBen Interactive Kids’ gamepad driver in the
Linux kernel did not properly handle device removal, leading to a use-
after-free vulnerability. A local attacker with physical access could plug
in a specially crafted USB device to cause a denial of service (system
crash). (CVE-2023-25012)
It was discovered that a use-after-free vulnerability existed in the HFS+
file system implementation in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-2985)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.10 | noarch | linux-image-5.19.0-1021-raspi | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-buildinfo-5.19.0-1021-raspi | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-headers-5.19.0-1021-raspi | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-image-5.19.0-1021-raspi-dbgsym | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-modules-5.19.0-1021-raspi | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-modules-extra-5.19.0-1021-raspi | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-raspi-headers-5.19.0-1021 | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-raspi-tools-5.19.0-1021 | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-tools-5.19.0-1021-raspi | < 5.19.0-1021.28 | UNKNOWN |
Ubuntu | 22.10 | noarch | linux-image-5.19.0-1025-oracle | < 5.19.0-1025.28 | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.2%