CVE-2021-45100
https://notcve.org/view.php?id=CVE-2021-45100
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. El servidor ksmbd versiones hasta 3.4.2, usado en el kernel de Linux hasta la versión 5.15.8, a veces se comunica en texto sin cifrar aunque se haya habilitado el cifrado. Esto ocurre porque establece la bandera SMB2_GLOBAL_CAP_ENCRYPTION cuando es usado el protocolo SMB 3.1.1, lo cual es una violación de la especificación del protocolo SMB. • https://github.com/cifsd-team/ksmbd/issues/550 https://github.com/cifsd-team/ksmbd/pull/551 https://marc.info/?l=linux-kernel&m=163961726017023&w=2 https://security.netapp.com/advisory/ntap-20220107-0001 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2021-4044 – Invalid handling of X509_verify_cert() internal errors in libssl
https://notcve.org/view.php?id=CVE-2021-4044
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. • https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256 https://security.netapp.com/advisory/ntap-20211229-0003 https://www.openssl.org/news/secadv/20211214.txt • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-25020
https://notcve.org/view.php?id=CVE-2018-25020
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. El subsistema BPF en el kernel de Linux versiones anteriores a 4.17, maneja inapropiadamente las situaciones con un salto largo sobre una secuencia de instrucciones donde las instrucciones internas requieren expansiones sustanciales en múltiples instrucciones BPF, conllevando a un desbordamiento. Esto afecta a los archivos kernel/bpf/core.c y net/core/filter.c • http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html https://github.com/torvalds/linux/commit/050fad7c4534c13c8eb1d9c2ba66012e014773cb https://security.netapp.com/advisory/ntap-20211229-0005 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-43975 – kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
https://notcve.org/view.php?id=CVE-2021-43975
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. En el kernel de Linux versiones hasta 5.15.2, la función hw_atl_utils_fw_rpc_wait en el archivo drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c permite a un atacante (que puede introducir un dispositivo diseñado) desencadenar una escritura fuera de límites por medio de un valor de longitud diseñado An out-of-bounds write flaw was found in the Linux kernel’s Aquantia AQtion Ethernet card Atlantic driver in the way the ethernet card provides malicious input to the driver. This flaw allows a local user to emulate the networking device and crash the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T https • CWE-787: Out-of-bounds Write •
CVE-2021-43976 – kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device
https://notcve.org/view.php?id=CVE-2021-43976
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). En el kernel de Linux versiones hasta 5.15.2, la función mwifiex_usb_recv en el archivo drivers/net/wireless/marvell/mwifiex/usb.c permite a un atacante (que puede conectar un dispositivo USB diseñado) causar una denegación de servicio (skb_over_panic) A denial of service flaw was found in mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c in the usb subsystem of the Linux kernel. This is due to a missing clean-up for a malfunctioning usb device with an unknown recv_type. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD https://patchwork.kernel.org/projec • CWE-459: Incomplete Cleanup •