CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3998 – Ubuntu Security Notice USN-5310-1
https://notcve.org/view.php?id=CVE-2021-3998
02 Mar 2022 — A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Se ha encontrado un fallo en glibc. La función realpath() puede devolver por error un valor no esperado, conllevando potencialmente a un filtrado de información y una divulgación de datos confidenciales. Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. • https://access.redhat.com/security/cve/CVE-2021-3998 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •
CVSS: 5.9EPSS: 0%CPEs: 29EXPL: 0CVE-2020-36516 – kernel: off-path attacker may inject data or terminate victim's TCP session
https://notcve.org/view.php?id=CVE-2020-36516
26 Feb 2022 — An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. Se ha detectado un problema en el kernel de Linux versiones hasta 5.16.11. El método de asignación de IPID mixto con la política de asignación de IPID basada en hash permite a un atacante fuera de la ruta inyectar datos en la sesión TCP de una víctima o terminar esa sesión. A ... • https://dl.acm.org/doi/10.1145/3372297.3417884 • CWE-290: Authentication Bypass by Spoofing CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
26 Feb 2022 — valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. Red Hat JBoss Core Services is a set of supplementary s... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-0646
https://notcve.org/view.php?id=CVE-2022-0646
18 Feb 2022 — A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. Se encontró un fallo de uso de memoria previamente liberada en el subsistema del kernel de Linux Management Component Transpo... • https://lore.kernel.org/all/20220211011552.1861886-1-jk%40codeconstruct.com.au • CWE-416: Use After Free CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 79EXPL: 0CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush
https://notcve.org/view.php?id=CVE-2022-0330
18 Feb 2022 — A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escal... • http://www.openwall.com/lists/oss-security/2022/11/30/1 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2022-25265 – kernel: Executable Space Protection Bypass
https://notcve.org/view.php?id=CVE-2022-25265
16 Feb 2022 — In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. En el kernel de Linux versiones hasta 5.16.10, determinados archivos binarios pueden tener el atributo exec-all si fueron construidos aproximadamente en 2003 (por ejemplo, con GCC versión 3.2.2 y el kernel de Linux versión 2.4.20). Esto puede ... • https://github.com/x0reaxeax/exec-prot-bypass • CWE-281: Improper Preservation of Permissions CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 1CVE-2022-25258 – Ubuntu Security Notice USN-5417-1
https://notcve.org/view.php?id=CVE-2022-25258
16 Feb 2022 — An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. Se ha descubierto un problema en drivers/usb/gadget/composite.c en el kernel de Linux anterior a la versión 5.16.10. El subsistema USB Gadget carece de cierta validación de las solicitudes de descriptor del SO d... • https://github.com/szymonh/d-os-descriptor • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-24958 – Ubuntu Security Notice USN-5468-1
https://notcve.org/view.php?id=CVE-2022-24958
11 Feb 2022 — drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. el archivo drivers/usb/gadget/legacy/inode.c en el kernel de Linux versiones hasta 5.16.8 maneja inapropiadamente la liberación dev-) buf Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to ex... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.9EPSS: 0%CPEs: 36EXPL: 1CVE-2021-3752 – kernel: possible use-after-free in bluetooth module
https://notcve.org/view.php?id=CVE-2021-3752
03 Feb 2022 — A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema Bluetooth del kernel de Linux en la forma en que las llamadas de usuario s... • https://bugzilla.redhat.com/show_bug.cgi?id=1999544 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 1CVE-2021-3640 – kernel: use-after-free vulnerability in function sco_sock_sendmsg()
https://notcve.org/view.php?id=CVE-2021-3640
03 Feb 2022 — A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en la función sco_sock_sendmsg() del subsiste... • https://bugzilla.redhat.com/show_bug.cgi?id=1980646 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •