CVE-2020-8286 – curl: Inferior OCSP verification
https://notcve.org/view.php?id=CVE-2020-8286
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl versiones 7.41.0 hasta 7.73.0, es vulnerable a una comprobación inapropiada para la revocación del certificado debido a una verificación insuficiente de la respuesta OCSP Libcurl offers "OCSP stapling" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-status using the curl tool. As part of the OCSP response verification, a client should verify that the response is indeed set out for the correct certificate. • http://seclists.org/fulldisclosure/2021/Apr/50 http://seclists.org/fulldisclosure/2021/Apr/51 http://seclists.org/fulldisclosure/2021/Apr/54 https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.se/docs/CVE-2020-8286.html https://hackerone.com/reports/1048457 https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fe • CWE-295: Improper Certificate Validation •
CVE-2020-1971 – EDIPARTYNAME NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. • https://github.com/MBHudson/CVE-2020-1971 http://www.openwall.com/lists/oss-security/2021/09/14/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b7 • CWE-476: NULL Pointer Dereference •
CVE-2020-29370
https://notcve.org/view.php?id=CVE-2020-29370
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. Se detectó un problema en la función kmem_cache_alloc_bulk en el archivo mm/slub.c en el kernel de Linux versiones anteriores a 5.5.11. La slowpath carece del incremento de TID requerido, también se conoce como CID-fd4d9c7d0c71 • https://bugs.chromium.org/p/project-zero/issues/detail?id=2022 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 https://security.netapp.com/advisory/ntap-20201218-0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-29374
https://notcve.org/view.php?id=CVE-2020-29374
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. Se detectó un problema en el kernel de Linux versiones anteriores a 5.7.3, relacionado con los archivos mm/gup.c y mm/huge_memory.c. La implementación de la función get_user_pages (también se conoce como gup), cuando se usa para una página copy-on-write, no considera apropiadamente la semántica de las operaciones de lectura y, por lo tanto, puede otorgar acceso de escritura involuntario, también se conoce como CID-17839856fd58 • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-863: Incorrect Authorization •
CVE-2020-15436 – kernel: use-after-free in fs/block_dev.c
https://notcve.org/view.php?id=CVE-2020-15436
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. La vulnerabilidad de tipo use-after-free en el archivo fs/block_dev.c en el kernel de Linux versiones anteriores a 5.8, permite a usuarios locales obtener privilegios o causar una denegación de servicio al aprovechar el acceso inapropiado a un determinado campo de error A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. • https://lkml.org/lkml/2020/6/7/379 https://security.netapp.com/advisory/ntap-20201218-0002 https://access.redhat.com/security/cve/CVE-2020-15436 https://bugzilla.redhat.com/show_bug.cgi?id=1901168 • CWE-416: Use After Free •