Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-07-26 | CVE-2023-32629 | Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels | Ubuntu_linux | 7.8 | ||
| 2023-09-01 | CVE-2023-1523 | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. | Snapd, Ubuntu_linux | 10.0 | ||
| 2023-09-01 | CVE-2023-3297 | In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. | Accountsservice, Ubuntu_linux | 7.8 | ||
| 2023-09-27 | CVE-2023-44216 | PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. | Ryzen_5_7600x, Ryzen_7_4800u, M1_mac_mini, Macos, Ubuntu_linux, Android, Pixel_6, Core_i7\-10510u, Core_i7\-10610u, Core_i7\-11800h, Core_i7\-12700k, Core_i7\-8700, Windows_10, Windows_11, Geforce_rtx_2080_super, Geforce_rtx_3060 | 5.3 | ||
| 2023-12-12 | CVE-2023-5536 | A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. | Ubuntu_linux | 6.4 | ||
| 2024-01-08 | CVE-2022-2585 | It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | Ubuntu_linux, Linux_kernel | 7.8 | ||
| 2024-01-08 | CVE-2022-2588 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | Ubuntu_linux, Linux_kernel | 7.8 | ||
| 2024-01-08 | CVE-2022-2602 | io_uring UAF, Unix SCM garbage collection | Ubuntu_linux, Linux_kernel | 7.0 | ||
| 2024-01-08 | CVE-2021-3600 | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. | Ubuntu_linux, Fedora, Linux_kernel, Enterprise_linux | 7.8 | ||
| 2024-01-08 | CVE-2023-1032 | The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. | Ubuntu_linux, Linux_kernel | 5.5 |