CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47401 – ipack: ipoctal: fix stack information leak
https://notcve.org/view.php?id=CVE-2021-47401
In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops). Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice. Fixing the ABI is a separate issue, but this at least plugs the security hole. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipack: ipoctal: corrige la fuga de información de la pila. El nombre del controlador tty también se usa después de registrar el controlador y específicamente no debe asignarse en la pila para evitar filtrar información al espacio del usuario (o activar un ups). Los controladores no deberían intentar codificar información de topología en el nombre del dispositivo tty, pero este se coló durante la preparación sin que nadie se diera cuenta y desde entonces otro controlador copió esta mala práctica. Arreglar la ABI es un tema aparte, pero esto al menos tapa el agujero de seguridad. • https://git.kernel.org/stable/c/ba4dc61fe8c545a5d6a68b63616776556b771f51 https://git.kernel.org/stable/c/acb96e782bad427ca4bb1bd94af660acd1462380 https://git.kernel.org/stable/c/741ea2670e021350e54f491106bdaa22dc50e6a0 https://git.kernel.org/stable/c/2725925982dc96a78069cd118ea3d66759bfdad7 https://git.kernel.org/stable/c/829f13d6079cf7a2465522f39acb43033e9b320d https://git.kernel.org/stable/c/8657158a3b68c85234e6da3d8eae33d6183588b7 https://git.kernel.org/stable/c/5f6a309a699675680df15d9b6d389114515b4426 https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47330 – tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
https://notcve.org/view.php?id=CVE-2021-47330
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serial_cs: Fix a memory leak in error handling path In the probe function, if the final 'serial_config()' fails, 'info' is leaking. Add a resource handling path to free this memory. ... En la función de sonda, si el 'serial_config()' final falla, se está perdiendo 'info'. • https://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c https://git.kernel.org/stable/c/331f5923fce4f45b8170ccf06c529e8eb28f37bc https://git.kernel.org/stable/c/34f4590f5ec9859ea9136249f528173d150bd584 https://git.kernel.org/stable/c/cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461 https://git.kernel.org/stable/c/ee16bed959862a6de2913f71a04cb563d7237b67 https://git.kernel.org/stable/c/7a80f71601af015856a0aeb1e3c294037ac3dd32 https://git.kernel.org/stable/c/c39cf4df19acf0133fa284a8cd83fad42cd13cc2 https://git.kernel.org/stable/c/b2ef1f5de40342de44fc5355321595f91 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47238 – net: ipv4: fix memory leak in ip_mc_add1_src
https://notcve.org/view.php?id=CVE-2021-47238
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline] [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47 [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In commit 24803f38a5c0 ("igmp: do not remove igmp souce list info when set link down"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed, because it was also called in igmpv3_clear_delrec(). Rough callgraph: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) However, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't release in_dev->mc_list->sources. • https://git.kernel.org/stable/c/24803f38a5c0b6c57ed800b47e695f9ce474bc3a https://git.kernel.org/stable/c/bd1b664a19403ede448d29c87b2f23796bc7a577 https://git.kernel.org/stable/c/b38c6e0bd5b5e439ecebdc0df599d573c2f610f8 https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf73 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-4323 – Fluent Bit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-4323
This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution. • https://github.com/d0rb/CVE-2024-4323 https://github.com/skilfoy/CVE-2024-4323-Exploit-POC https://github.com/yuansec/CVE-2024-4323-dos_poc https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04 https://tenable.com/security/research/tra-2024-17 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-1968 – Authorization Header Leakage in scrapy/scrapy on Scheme Change Redirects
https://notcve.org/view.php?id=CVE-2024-1968
Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. • https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8 https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •