CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-33656 – kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds
https://notcve.org/view.php?id=CVE-2021-33656
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. Cuando es establecida la fuente con datos maliciosos por ioctl cmd PIO_FONT, el kernel escribirá memoria fuera de límites An out-of-bounds write flaw was found in the Linux kernel’s console driver functionality in the way a user triggers the ioctl PIO_FONT with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/07/19/3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel https://access.redhat.com/security/cve/CVE-2021-33656 https://bugzilla.redhat.com/show_bug.cgi?id=2108696 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33658
https://notcve.org/view.php?id=CVE-2021-33658
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. atune versiones anteriores a 0.3-0.8, es registrado como un usuario local y ejecuta el comando curl para acceder a la interfaz url local de atune para escalar el privilegio local o modificar cualquier archivo. La autenticación no está habilitada a la fuerza en la configuración por defecto • https://www.openeuler.org/zh/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1541 • CWE-306: Missing Authentication for Critical Function •