19 Linux Kernel CVEs in January 2023
Full month · Source: NIST NVD
In January 2023, 19 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 10 were rated High severity and 9 Medium. CVE-2023-0266 was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. January's 19 CVEs represent 6% of all 2023 Linux kernel CVEs, down from December's 46 (a 59% month-over-month decrease).
Actively Exploited CVEs — January 2023
1 CVE in CISA KEV

CVE-2023-0266 is the only Linux kernel CVE from January 2023 confirmed as actively exploited in the wild. It carries a CVSS score of 7.0 (High severity) and is listed in the CISA Known Exploited Vulnerabilities catalog.
| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2023-0266 | High (KEV) | 7.0 | 2023-01-30 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_… |

| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-2196 | linux | High | 8.8 | 2023-01-09 | A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry o… |
| CVE-2022-4139 | linux | High | 7.8 | 2023-01-27 | An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memo… |
| CVE-2023-23559 | linux | High | 7.8 | 2023-01-13 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow… |
| CVE-2022-3977 | linux | High | 7.8 | 2023-01-12 | A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This … |
| CVE-2022-4696 | linux | High | 7.8 | 2023-01-11 | There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If… |
| CVE-2022-4378 | linux | High | 7.8 | 2023-01-05 | A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters … |
| CVE-2023-0122 | linux | High | 7.5 | 2023-01-17 | A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attac… |
| CVE-2022-4379 | linux | High | 7.5 | 2023-01-10 | A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allo… |
| CVE-2022-41858 | linux | High | 7.1 | 2023-01-17 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach… |
| CVE-2023-0266 | linux | High (KEV) | 7.0 | 2023-01-30 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ\|WRITE}32 … |
| CVE-2022-3628 | linux | Medium | 6.6 | 2023-01-12 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user conn… |
| CVE-2023-0394 | linux | Medium | 5.5 | 2023-01-26 | A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in… |
| CVE-2023-0469 | linux | Medium | 5.5 | 2023-01-26 | A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Li… |
| CVE-2022-47929 | linux | Medium | 5.5 | 2023-01-17 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivilege… |
| CVE-2023-23455 | linux | Medium | 5.5 | 2023-01-12 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service b… |