CVSS: 7.0EPSS: 0%CPEs: 30EXPL: 1CVE-2021-23133 – Linux Kernel sctp_destroy_sock race condition
https://notcve.org/view.php?id=CVE-2021-23133
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. Una condición de carrera en los sockets SCTP del kernel de Linux (el archivo net/sctp/socket.c) versiones anteriores a 5.12-rc8, puede conllevar a una escalada de privilegios del kernel desde el contexto de un servicio de red o un proceso no privilegiado. Si la función sctp_destroy_sock es llamado sin sock_net (sk) -) sctp.addr_wq_lock, un elemento es eliminado de la lista auto_asconf_splist sin ningún bloqueo apropiado. • http://www.openwall.com/lists/oss-security/2021/05/10/1 http://www.openwall.com/lists/oss-security/2021/05/10/2 http://www.openwall.com/lists/oss-security/2021/05/10/3 http://www.openwall.com/lists/oss-security/2021/05/10/4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg000 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 133EXPL: 0CVE-2021-2163 – OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
https://notcve.org/view.php?id=CVE-2021-2163
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. • https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6I • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-29155 – kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
https://notcve.org/view.php?id=CVE-2021-29155
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. Se detectó un problema en el kernel de Linux versiones hasta 5.11.x. En el archivo kernel/bpf/verifier.c lleva a cabo especulaciones indeseables fuera de límites en la aritmética de punteros, conllevando a ataques de canal lateral que anulan las mitigaciones de Spectre y consiguen información confidencial de la memoria del kernel. Específicamente, para secuencias de operaciones aritméticas de puntero, la modificación de puntero llevada a cabo por la primera operación no se contabiliza correctamente al restringir operaciones posteriores A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). • https://github.com/benschlueter/CVE-2021-29155 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76e https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0 https://git.kernel& • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20208
https://notcve.org/view.php?id=CVE-2021-20208
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en cifs-utils en versiones anteriores a la 6.13. Cuando un usuario monta un sistema de archivos CIFS krb5 desde un contenedor, puede usar las credenciales de Kerberos del host. • https://bugzilla.redhat.com/show_bug.cgi?id=1921116 https://bugzilla.samba.org/show_bug.cgi?id=14651 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3505
https://notcve.org/view.php?id=CVE-2021-3505
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en libtpms en versiones anteriores a 0.8.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1950046 https://github.com/stefanberger/libtpms/issues/183 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ • CWE-331: Insufficient Entropy •