CVEs from 2023
Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-54095 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup() registers the fail_iommu_bus_notifier struct to… | |||
| CVE-2023-54113 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: rcu: dump vmalloc memory info safely Currently, for double invoke call_rcu(), will dump rcu_head objects memory info, if the obje… | |||
| CVE-2023-54118 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early,… | |||
| CVE-2023-52757 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no… | |||
| CVE-2023-52749 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system… | |||
| CVE-2023-52740 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can fl… | |||
| CVE-2023-52731 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the d… | |||
| CVE-2023-54172 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware that supports Indirect Branch Tracking (IBT), Hyp… | |||
| CVE-2023-53613 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dax: Fix dax_mapping_release() use after free A CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region provider (like … | |||
| CVE-2023-52697 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL sof_sdw_rt_sdca_jack_exit() are used by different codecs,… | |||
| CVE-2023-52696 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory w… | |||
| CVE-2023-52689 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mut… | |||
| CVE-2023-52477 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/h… | |||
| CVE-2023-52467 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in of_syscon_register() kasprintf() returns a pointer to dynamically allocated memory w… | |||
| CVE-2023-52676 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the … | |||
| CVE-2023-52663 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct… | |||
| CVE-2023-52656 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS… | |||
| CVE-2023-52650 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and retur… | |||
| CVE-2023-52649 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Avoid reading beyond LUT array When the floor LUT index (drm_fixp2int(lut_index) is the last index of the array the cei… | |||
| CVE-2023-52643 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iio: core: fix memleak in iio_device_register_sysfs When iio_device_register_sysfs_group() fails, we should free iio_dev_opaque->… | |||
| CVE-2023-52625 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Refactor DMCUB enter/exit idle interface [Why] We can hang in place trying to send commands when the DMCUB isn't… | |||
| CVE-2023-52624 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands [Why] DMCUB can be in idle when we attempt to interface with the HW t… | |||
| CVE-2023-52621 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers These three bpf_map_{lookup,update,delete}_elem() helpers ar… | |||
| CVE-2023-52606 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instruc… | |||
| CVE-2023-52594 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_… | |||
| CVE-2023-52565 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read. | |||
| CVE-2023-53861 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: correct grp validation in ext4_mb_good_group Group corruption check will access memory of grp and will trigger kernel crash… | |||
| CVE-2023-53747 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the … | |||
| CVE-2023-52528 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: ====… | |||
| CVE-2023-53505 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error handling path, otherwise i… | |||
| CVE-2023-53697 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() Memory pointed by 'nd_pmu->pmu.attr_groups' is allocated in fun… | |||
| CVE-2023-27349 | medium | — | 5.5 | 2y ago | RHSA-2025:4043: bluez security update (Moderate) | |||
| CVE-2023-53702 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 ("crypto: s390 - add crypto library inter… | |||
| CVE-2023-52520 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using kset_find_obj(), a reference to that attribut… | |||
| CVE-2023-54066 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer In gl861_i2c_master_xfer, msg is controlled by user. When m… | |||
| CVE-2023-53997 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: of: fix double-free on unregistration Since commit 3d439b1a2ad3 ("thermal/core: Alloc-copy-free the thermal zone paramet… | |||
| CVE-2023-52661 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() If clk_get_sys(..., "pll_d2_out0") fail… | |||
| CVE-2023-52833 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Add date->evt_skb is NULL check fix crash because of null pointers [ 6104.969662] BUG: kernel NULL pointer der… | |||
| CVE-2023-52837 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_di… | |||
| CVE-2023-53391 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfs_init_fs_context() for the … | |||
| CVE-2023-6681 | medium | — | 5.5 | 2y ago | Moderate: python-jwcrypto security update | |||
| CVE-2023-53674 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devm_clk_notifier_register() devm_clk_notifier_register() allocates a devres resource for clk notifier bu… | |||
| CVE-2023-54301 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: serial: 8250_bcm7271: fix leak in `brcmuart_probe` Smatch reports: drivers/tty/serial/8250/8250_bcm7271.c:1120 brcmuart_probe() w… | |||
| CVE-2023-53068 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket b… | |||
| CVE-2023-52935 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Pa… | |||
| CVE-2023-52859 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allo… | |||
| CVE-2023-52932 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: add cond_resched() in get_swap_pages() The softlockup still occurs in get_swap_pages() under memory pressure. 64 CP… | |||
| CVE-2023-52902 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_jus… | |||
| CVE-2023-54299 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typec_altmode_attention Some usb hubs will negotiate DisplayPort Alt mode with the devi… | |||
| CVE-2023-41910 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2023-53178 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm: fix zswap writeback race condition The zswap writeback mechanism can cause a race condition resulting in memory corruption, w… | |||
| CVE-2023-50967 | medium | — | 5.5 | 2y ago | RHSA-2024:5294: jose security update (Moderate) | |||
| CVE-2023-54298 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quark_dts: fix error pointer dereference If alloc_soc_dts() fails, then we can just return. Trying to free "soc_… | |||
| CVE-2023-54291 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vduse_vdpa_set_vq_affinity callback can be called with NULL value as cpu_mask when deleting t… | |||
| CVE-2023-53230 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning in cifs_smb3_do_mount() This fixes the following warning reported by kernel test robot fs/smb/client/… | |||
| CVE-2023-54136 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak. | |||
| CVE-2023-53220 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and… | |||
| CVE-2023-52473 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If device_register() in thermal_zone_device_register_… | |||
| CVE-2023-52462 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot… | |||
| CVE-2023-54271 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash… | |||
| CVE-2023-53176 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the gene… | |||
| CVE-2023-50230 | medium | — | 5.5 | 2y ago | Moderate: bluez security update | |||
| CVE-2023-54268 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockdep warning in fill_pool() because the allocation f… | |||
| CVE-2023-38709 | medium | — | 5.5 | 2y ago | Apache HTTP Server vulnerabilities | |||
| CVE-2023-51594 | medium | — | 5.5 | 2y ago | Moderate: bluez security update | |||
| CVE-2023-51592 | medium | — | 5.5 | 2y ago | Moderate: bluez security update | |||
| CVE-2023-51589 | medium | — | 5.5 | 2y ago | RHSA-2025:4043: bluez security update (Moderate) | |||
| CVE-2023-51580 | medium | — | 5.5 | 2y ago | Moderate: bluez security update | |||
| CVE-2023-54194 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree The call stack shown below is a scenario in the Linux 4.19 kernel… | |||
| CVE-2023-54165 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zs_map_object() to zs_malloc() Under memory pressure, we sometimes observe the following crash: [… | |||
| CVE-2023-53249 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle th… | |||
| CVE-2023-53264 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically han… | |||
| CVE-2023-52920 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instruction… | |||
| CVE-2023-54153 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsisten… | |||
| CVE-2023-52658 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-48161 | medium | — | 5.5 | 2y ago | Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c | |||
| CVE-2023-39368 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-46103 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-22655 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-38575 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-43490 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-45733 | medium | — | 5.5 | 2y ago | Moderate: microcode_ctl security update | |||
| CVE-2023-20584 | medium | — | 5.5 | 2y ago | Moderate: linux-firmware security update | |||
| CVE-2023-31356 | medium | — | 5.5 | 2y ago | Moderate: linux-firmware security update | |||
| CVE-2023-52801 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-52463 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-6349 | medium | — | 5.5 | 2y ago | RHSA-2024:5941: libvpx security update (Moderate) | |||
| CVE-2023-37920 | medium | — | 5.5 | 2y ago | Moderate: fence-agents security update | |||
| CVE-2023-25433 | medium | — | 5.5 | 2y ago | RHSA-2024:5079: libtiff security update (Moderate) | |||
| CVE-2023-52809 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-52458 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2023-45236 | medium | — | 5.5 | 2y ago | RHSA-2024:5297: edk2 security update (Moderate) | |||
| CVE-2023-31346 | medium | — | 5.5 | 2y ago | RHSA-2024:4262: linux-firmware security update (Moderate) | |||
| CVE-2023-45237 | medium | — | 5.5 | 2y ago | RHSA-2024:5297: edk2 security update (Moderate) | |||
| CVE-2023-52667 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2023-52626 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2023-38264 | medium | — | 5.5 | 2y ago | RHSA-2024:6595: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2023-52607 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which… | |||
| CVE-2023-52598 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced pro… | |||
| CVE-2023-53698 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is ru… |