Hyunwoo Kim

7 exploits, active since Sep 2022
CVE-2022-39842 WRITEUP MEDIUM
Linux Kernel < 5.19 - Integer Overflow
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.
CVSS 6.1
CVE-2022-40307 WRITEUP MEDIUM
Linux Kernel < 5.19.8 - Race Condition
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
CVSS 4.7
CVE-2023-32269 WRITEUP MEDIUM
Linux Kernel < 6.1.11 - Use After Free
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.
CVSS 6.7
CVE-2023-51779 WRITEUP HIGH
Linux Kernel < 6.6.8 - Use After Free
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
CVSS 7.0
CVE-2023-51780 WRITEUP HIGH
Linux Kernel < 6.6.8 - Use After Free
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
CVSS 7.0
CVE-2023-51781 WRITEUP HIGH
Linux Kernel < 6.6.8 - Use After Free
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.
CVSS 7.0
CVE-2023-51782 WRITEUP HIGH
Linux Kernel < 6.6.8 - Use After Free
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
CVSS 7.0