CVSS: 7.0EPSS: 0%CPEs: 30EXPL: 1CVE-2021-23133 – Linux Kernel sctp_destroy_sock race condition
https://notcve.org/view.php?id=CVE-2021-23133
22 Apr 2021 — A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SO... • http://www.openwall.com/lists/oss-security/2021/05/10/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-29155 – kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
https://notcve.org/view.php?id=CVE-2021-29155
20 Apr 2021 — An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. Se detectó un problema en el kernel de Linux version... • https://github.com/benschlueter/CVE-2021-29155 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2020-25672 – Ubuntu Security Notice USN-5343-1
https://notcve.org/view.php?id=CVE-2020-25672
19 Apr 2021 — A memory leak vulnerability was found in Linux kernel in llcp_sock_connect Se encontró una vulnerabilidad de pérdida de memoria en el kernel de Linux en la función llcp_sock_connect Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namesp... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 3CVE-2020-25670 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2020-25670
19 Apr 2021 — A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el kernel de Linux donde un filtrado de refcount en la función llcp_sock_bind() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 2CVE-2020-25671 – Ubuntu Security Notice USN-5343-1
https://notcve.org/view.php?id=CVE-2020-25671
19 Apr 2021 — A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el Kernel de Linux, donde un filtrado de refcount en la función llcp_sock_connect() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulne... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 2CVE-2020-25673 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2020-25673
19 Apr 2021 — A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Se encontró una vulnerabilidad en el kernel de Linux en la que el socket non-blocking en la función llcp_sock_connect() conduce a un filtrado de información y eventualmente bloquea el sistema Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could us... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-29154 – kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
https://notcve.org/view.php?id=CVE-2021-29154
08 Apr 2021 — BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. Los compiladores BPF JIT en el kernel de Linux hasta la versión 5.11.12 tienen un cálculo incorrecto de los desplazamientos de rama, lo que les permite ejecutar código arbitrario dentro del contexto del kernel. Esto afecta a arch/x86/net/bpf_jit_comp.c y arch/x86... • http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-30178
https://notcve.org/view.php?id=CVE-2021-30178
06 Apr 2021 — An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. Se detectó un problema en el kernel de Linux versiones hasta 5.11.11. La función synic_get en el archivo arch/x86/kvm/hyperv.c presenta una desreferencia de puntero NULL para determinados accesos en el contexto SynIC Hyper-V, también se conoce como CID-919f4ebc5987 • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29646 – kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
https://notcve.org/view.php?id=CVE-2021-29646
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. tipc_nl_retrieve_key en net/tipc/node.c no valida correctamente ciertos tamaños de datos, también conocido como CID-0217ed2848e8. A flaw buffer overflow in the Linux kernel TIPC protocol functionality was found in the way user uses protocol with encrypt... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29647 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2021-29647
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. qrtr_recvmsg en net/qrtr/qrtr.c permite a los atacantes obtener información sensible de la memoria del kernel debido a una estructura de datos parcialmente no inicializada, también se con... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-909: Missing Initialization of Resource •