CVE-2021-3711 – SM2 Decryption Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E https://security.gentoo.org/glsa/202209-02 https://security.ge • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2021-38199
https://notcve.org/view.php?id=CVE-2021-38199
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. El archivo fs/nfs/nfs4client.c en el kernel de Linux versiones anteriores a 5.13.4, presenta un ordenamiento incorrecto de la configuración de la conexión, que permite a operadores de servidores NFSv4 remotos causar una denegación de servicio (cuelgue de montajes) al disponer de que esos servidores sean inalcanzables durante la detección de trunking • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://security.netapp.com/advisory/ntap-20210902-0010 https://www.debian.org/security/2021/dsa-4978 •
CVE-2021-38201 – kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c
https://notcve.org/view.php?id=CVE-2021-38201
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. El archivo net/sunrpc/xdr.c en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes remotos causar una denegación de servicio (acceso fuera de los límites de xdr_set_page_base) al llevar a cabo muchas operaciones NFS 4.2 READ_PLUS A flaw was found in the Linux kernel that allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. The highest threat from this vulnerability is to system availability. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c https://security.netapp.com/advisory/ntap-20210902-0010 https://access.redhat.com/security/cve/CVE-2021-38201 https://bugzilla.redhat.com/show_bug.cgi?id=1992731 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-38202
https://notcve.org/view.php?id=CVE-2021-38202
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd. El archivo fs/nfsd/trace.h en el kernel de Linux versiones anteriores a 5.13.4, podría permitir a atacantes remotos causar una denegación de servicio (lectura fuera de los límites en strlen) mediante el envío de tráfico NFS cuando el marco de eventos de rastreo se está usando para nfsd • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 https://security.netapp.com/advisory/ntap-20210902-0010 • CWE-125: Out-of-bounds Read •
CVE-2021-38203
https://notcve.org/view.php?id=CVE-2021-38203
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info. btrfs en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes causar una denegación de servicio (bloqueo) por medio de procesos que desencadenan la asignación de nuevos trozos del sistema durante los momentos en que hay una escasez de espacio libre en el space_info del sistema • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 https://security.netapp.com/advisory/ntap-20210902-0010 • CWE-667: Improper Locking •