Hi!

> This week reported 4 new CVEs and 7 updated CVEs.
>
> * New CVEs
>
> CVE-2023-3141: memstick: r592: Fix UAF bug in r592_remove due to race condition
>
> CVSS v3 score is 5.9 MEDIUM.
>
> The client side in OpenSSH 5.7 through 8.4 has an Observable
> Discrepancy leading to an information leak in the algorithm
> negotiation. This allows man-in-the-middle attackers to target initial
> connection attempts (where no host key for the server has been cached
> by the client).

Description seems wrong here. Here's a better one:

https://nvd.nist.gov/vuln/detail/CVE-2023-3141

A use-after-free flaw was found in r592_remove in
drivers/memstick/host/r592.c in media access in the Linux Kernel. This
flaw allows a local attacker to crash the system at device disconnect,
possibly leading to a kernel information leak.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany