45 Linux Kernel CVEs in March 2023
Full month · Source: NIST NVD
In March 2023, 45 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 23 were rated High severity and 20 Medium. CVE-2023-0386 was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. March's 45 CVEs represent 15% of all 2023 Linux kernel CVEs, up from February's 17 (a 165% month-over-month increase).
Actively Exploited CVEs — March 2023
1 CVE in CISA KEV

CVE-2023-0386 is the only Linux kernel CVE from March 2023 confirmed as actively exploited in the wild. It carries a CVSS score of 7.8 (High severity) and is listed in the CISA Known Exploited Vulnerabilities catalog.

| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2023-0386 | High KEV | 7.8 | 2023-03-22 | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file… |

| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-28339 | linux | High | 8.8 | 2023-03-14 | OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the o… |
| CVE-2023-28464 | linux | High | 7.8 | 2023-03-31 | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_co… |
| CVE-2022-4744 | linux | High | 7.8 | 2023-03-30 | A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the devi… |
| CVE-2023-1670 | linux | High | 7.8 | 2023-03-30 | A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found. A local user could u… |
| CVE-2023-0179 | linux | High | 7.8 | 2023-03-27 | A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the le… |
| CVE-2023-1078 | linux | High | 7.8 | 2023-03-27 | A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses l… |
| CVE-2023-1252 | linux | High | 7.8 | 2023-03-23 | A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations s… |
| CVE-2022-4095 | linux | High | 7.8 | 2023-03-22 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/r… |
| CVE-2023-1281 | linux | High | 7.8 | 2023-03-22 | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The im… |
| CVE-2023-0386 | linux | High KEV | 7.8 | 2023-03-22 | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities w… |
| CVE-2022-48424 | linux | High | 7.8 | 2023-03-19 | In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault… |
| CVE-2022-48425 | linux | High | 7.8 | 2023-03-19 | In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before … |
| CVE-2022-48423 | linux | High | 7.8 | 2023-03-19 | In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write … |
| CVE-2022-40540 | linux | High | 7.8 | 2023-03-10 | Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel. |
| CVE-2023-0030 | linux | High | 7.8 | 2023-03-08 | A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that caus… |