CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3506
https://notcve.org/view.php?id=CVE-2021-3506
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se encontró un fallo de acceso a la memoria fuera de límites (OOB) en el archivo fs/f2fs/node.c en el módulo f2fs en el kernel de Linux en versiones anteriores a 5.12.0-rc4. Un fallo en la comprobación de límites permite a un atacante local conseguir acceso a la memoria fuera de límites, conllevando a un bloqueo del sistema o una fuga de información interna del kernel. • http://www.openwall.com/lists/oss-security/2021/05/08/1 https://bugzilla.redhat.com/show_bug.cgi?id=1944298 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://security.netapp.com/advisory/ntap-20210611-0007 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2520013.html https://www.openwall.com/lists/oss-security/2021/03/28/2 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-29154 – kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
https://notcve.org/view.php?id=CVE-2021-29154
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. Los compiladores BPF JIT en el kernel de Linux hasta la versión 5.11.12 tienen un cálculo incorrecto de los desplazamientos de rama, lo que les permite ejecutar código arbitrario dentro del contexto del kernel. Esto afecta a arch/x86/net/bpf_jit_comp.c y arch/x86/net/bpf_jit_comp32.c A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. • http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-anno • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20197 – binutils: Race window allows users to own arbitrary files
https://notcve.org/view.php?id=CVE-2021-20197
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Se presenta una ventana de carrera abierta cuando se escribe la salida en las siguientes utilidades en GNU binutils versiones 2.35 y anteriores: ar, objcopy, strip, ranlib. Cuando estas utilidades son ejecutadas como un usuario privilegiado (presumiblemente como parte de un script que actualiza binarios entre diferentes usuarios), un usuario sin privilegios puede engañar a estas utilidades para que obtengan la propiedad de archivos arbitrario por medio de un enlace simbólico. There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. • https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://security.gentoo.org/glsa/202208-30 https://security.netapp.com/advisory/ntap-20210528-0009 https://sourceware.org/bugzilla/show_bug.cgi?id=26945 https://access.redhat.com/security/cve/CVE-2021-20197 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-20284 – binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c
https://notcve.org/view.php?id=CVE-2021-20284
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. Se detectó un fallo en GNU Binutils versión 2.35.1, donde se presenta un desbordamiento de búfer en la región heap de la memoria en la función _bfd_elf_slurp_secondary_reloc_section en el archivo elf.c debido a que el número de símbolos no se calculó correctamente. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=1937784 https://security.gentoo.org/glsa/202208-30 https://security.netapp.com/advisory/ntap-20210521-0010 https://sourceware.org/bugzilla/show_bug.cgi?id=26931 https://access.redhat.com/security/cve/CVE-2021-20284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 https://kc.mc • CWE-295: Improper Certificate Validation •