) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2023-52462 - In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slot_type[BPF_REG_SIZE - 1] (plus potentially few mo... read CVE-2023-52462
Published: February 23, 2024; 10:15:08 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-52463 - In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At th... read CVE-2023-52463
Published: February 23, 2024; 10:15:08 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-52464 - In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thund... read CVE-2023-52464
Published: February 23, 2024; 10:15:08 AM -0500V3.1: 7.8 HIGH
-
CVE-2024-26595 - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ... read CVE-2024-26595
Published: February 23, 2024; 10:15:09 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2024-26596 - In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this dereference for every NETDEV_CHANGEUPPER and NETD... read CVE-2024-26596
Published: February 23, 2024; 10:15:09 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2024-26597 - In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink at... read CVE-2024-26597
Published: February 23, 2024; 10:15:09 AM -0500V3.1: 7.1 HIGH
-
CVE-2024-26598 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that in... read CVE-2024-26598
Published: February 23, 2024; 10:15:09 AM -0500V3.1: 7.8 HIGH
-
CVE-2024-26599 - In the Linux kernel, the following vulnerability has been resolved: pwm: Fix out-of-bounds access in of_pwm_single_xlate() With args->args_count == 2 args->args[2] is not defined. Actually the flags are contained in args->args[1].
Published: February 23, 2024; 10:15:09 AM -0500V3.1: 7.8 HIGH
-
CVE-2021-46904 - In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first ... read CVE-2021-46904
Published: February 26, 2024; 11:27:45 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2021-46905 - In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported ... read CVE-2021-46905
Published: February 26, 2024; 11:27:45 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2022-48626 - In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving th... read CVE-2022-48626
Published: February 26, 2024; 11:27:45 AM -0500V3.1: 7.8 HIGH
-
CVE-2023-52465 - In the Linux kernel, the following vulnerability has been resolved: power: supply: Fix null pointer dereference in smb2_probe devm_kasprintf and devm_kzalloc return a pointer to dynamically allocated memory which can be NULL upon failure.
Published: February 26, 2024; 11:27:48 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-52467 - In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in of_syscon_register() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
Published: February 26, 2024; 11:27:48 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-52468 - In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in class_register() The lock_class_key is still registered and can be found in lock_keys_hash hlist after subsys_private is freed in error handler path... read CVE-2023-52468
Published: February 26, 2024; 11:27:48 AM -0500V3.1: 7.8 HIGH
-
CVE-2023-52469 - In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. Howev... read CVE-2023-52469
Published: February 26, 2024; 11:27:48 AM -0500V3.1: 7.8 HIGH
-
CVE-2023-52471 - In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in ice_ptp.c devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
Published: February 26, 2024; 11:27:48 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-52472 - In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations... read CVE-2023-52472
Published: February 26, 2024; 11:27:48 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-52470 - In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref.
Published: February 26, 2024; 11:27:48 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2023-52473 - In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If device_register() in thermal_zone_device_register_with_trips() returns an error, the tz variable i... read CVE-2023-52473
Published: February 26, 2024; 11:27:48 AM -0500V3.1: 5.5 MEDIUM
-
CVE-2024-26600 - In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call ... read CVE-2024-26600
Published: February 26, 2024; 11:27:59 AM -0500V3.1: 5.5 MEDIUM