CVE-2023-0459

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-763
View all →

Vulnerability Description

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

Related Vulnerabilities

CVE-2019-20170

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.

CWE-7632019

CVE-2019-20631

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via...

CWE-7632019

CVE-2019-20632

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a deni...

CWE-7632019

CVE-2020-28941

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack,...

CWE-7632020

CVE-2020-8715

MEDIUM
CVSS:5.5(Medium)

Invalid pointer for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access.

CWE-7632020

CVE-2021-45261

MEDIUM
CVSS:5.5(Medium)

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

CWE-7632021