CVE-2021-47531 – drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
https://notcve.org/view.php?id=CVE-2021-47531
Call trace: __arch_copy_to_user+0xc0/0x30c copy_page_to_iter+0x1a0/0x294 process_vm_rw_core+0x240/0x408 process_vm_rw+0x110/0x16c __arm64_sys_process_vm_readv+0x30/0x3c el0_svc_common+0xf8/0x250 do_el0_svc+0x30/0x80 el0_svc+0x10/0x1c el0_sync_handler+0x78/0x108 el0_sync+0x184/0x1c0 Code: f8408423 f80008c3 910020c6 36100082 (b8404423) Let's add the two flags back. • https://git.kernel.org/stable/c/510410bfc034c57cc3caf1572aa47c1017bab2f9 https://git.kernel.org/stable/c/8e2b7fe5e8a4be5e571561d9afcfbd92097288ba https://git.kernel.org/stable/c/3466d9e217b337bf473ee629c608e53f9f3ab786 •
CVE-2021-47528 – usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()
https://notcve.org/view.php?id=CVE-2021-47528
The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or its callers, so they constitute bugs. • https://git.kernel.org/stable/c/3d82904559f4f5a2622db1b21de3edf2eded7664 https://git.kernel.org/stable/c/7d94bc8e335cb33918e52efdbe192c36707bfa24 https://git.kernel.org/stable/c/37307f7020ab38dde0892a578249bf63d00bca64 • CWE-476: NULL Pointer Dereference •
CVE-2021-47505 – aio: fix use-after-free due to missing POLLFREE handling
https://notcve.org/view.php?id=CVE-2021-47505
However, that fix had two bugs. First, it introduced a deadlock, as it unconditionally locked the aio context while holding the waitqueue lock, which inverts the normal locking order. • https://git.kernel.org/stable/c/2c14fa838cbefc23cf1c73ca167ed85b274b2913 https://git.kernel.org/stable/c/321fba81ec034f88aea4898993c1bf15605c023f https://git.kernel.org/stable/c/4105e6a128e8a98455dfc9e6dbb2ab0c33c4497f https://git.kernel.org/stable/c/47ffefd88abfffe8a040bcc1dd0554d4ea6f7689 https://git.kernel.org/stable/c/60d311f9e6381d779d7d53371f87285698ecee24 https://git.kernel.org/stable/c/50252e4b5e989ce64555c7aef7516bdefc2fea72 https://access.redhat.com/security/cve/CVE-2021-47505 https://bugzilla.redhat.com/show_bug.cgi?id=2283448 • CWE-416: Use After Free •
CVE-2024-5294 – D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-5294
D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. ... An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://www.zerodayinitiative.com/advisories/ZDI-24-445 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-6502 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2023-6502
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page. • https://gitlab.com/gitlab-org/gitlab/-/issues/433534 https://hackerone.com/reports/2263638 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •