CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30002 – kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
https://notcve.org/view.php?id=CVE-2021-30002
02 Apr 2021 — An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.3, cuando se presenta un dispositivo webcam. video_usercopy en el archivo drivers/media/v4l2-core/v4l2-ioctl.c, presenta una pérdida de memoria para argumentos grandes, también se conoce como CID-fb18802a338b. A flaw memory leak in... • https://bugzilla.suse.com/show_bug.cgi?id=1184120 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29646 – kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
https://notcve.org/view.php?id=CVE-2021-29646
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. tipc_nl_retrieve_key en net/tipc/node.c no valida correctamente ciertos tamaños de datos, también conocido como CID-0217ed2848e8. A flaw buffer overflow in the Linux kernel TIPC protocol functionality was found in the way user uses protocol with encrypt... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29647
https://notcve.org/view.php?id=CVE-2021-29647
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. qrtr_recvmsg en net/qrtr/qrtr.c permite a los atacantes obtener información sensible de la memoria del kernel debido a una estructura de datos parcialmente no inicializada, también se con... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29648
https://notcve.org/view.php?id=CVE-2021-29648
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El subsistema BPF no considera adecuada... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29649
https://notcve.org/view.php?id=CVE-2021-29649
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El controlador de modo de usuario (UMD) tiene una fuga de memoria copy_process(), relacionada con una falta de pasos de limpieza en kernel/usermode_driver.c y kernel/bpf/pre... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29650 – kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
https://notcve.org/view.php?id=CVE-2021-29650
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El subsistema netfilter permite a los atacantes causar una denegación de servicio (panic) porque net/netfilter/x_tables.c... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-662: Improper Synchronization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29264
https://notcve.org/view.php?id=CVE-2021-29264
26 Mar 2021 — An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. Se detectó un problema en el kernel de Linux versiones hasta 5.11.10. El archivo drivers/net/ethernet/freescale/gianfar.c en el controlador Freescale Gianfar Eth... • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29265
https://notcve.org/view.php?id=CVE-2021-29265
26 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.7. La función usbip_sockfd_store en el archivo drivers/usb/usbip/stub_dev.c permite a atacantes causar una denegación de servicio (GPF) porque la secuen... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-3444 – Linux kernel bpf verifier incorrect mod32 truncation
https://notcve.org/view.php?id=CVE-2021-3444
23 Mar 2021 — The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt z... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20219
https://notcve.org/view.php?id=CVE-2021-20219
23 Mar 2021 — A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability. Se encontró una vulnerabilidad de denegación de servicio en la función n_tty_receive_char_special en el archivo drivers/tty/n_tty.c del kernel de Linux. En este fallo, un atacante local con un priv... • https://bugzilla.redhat.com/show_bug.cgi?id=1923738 • CWE-697: Incorrect Comparison •