CVSS: 7.0EPSS: 0%CPEs: 30EXPL: 1CVE-2021-23133 – Linux Kernel sctp_destroy_sock race condition
https://notcve.org/view.php?id=CVE-2021-23133
22 Apr 2021 — A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SO... • http://www.openwall.com/lists/oss-security/2021/05/10/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20197 – binutils: Race window allows users to own arbitrary files
https://notcve.org/view.php?id=CVE-2021-20197
26 Mar 2021 — There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Se presenta una ventana de carrera abierta cuando se escribe la salida en las siguientes utilidades en GNU binutils versiones 2.35 y a... • https://bugzilla.redhat.com/show_bug.cgi?id=1913743 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-35508 – kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
https://notcve.org/view.php?id=CVE-2020-35508
25 Feb 2021 — A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Se ha encontrado una posibilidad de fallo de condición de carrera y de inicialización incorrecta del id del proceso en el manejo del id del proceso child/parent del kernel de Linux mientras se filtran los manejadore... • https://bugzilla.redhat.com/show_bug.cgi?id=1902724 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2021-27219 – glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits
https://notcve.org/view.php?id=CVE-2021-27219
15 Feb 2021 — An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. Se detectó un problema en GNOME GLib versiones anteriores a 2.66.6 y versiones 2.67.x anteriores a 2.67.3. La función g_bytes_new presenta un desbordamiento de enteros en plataformas de 64 bits debido a una conversión implícita de 64 bits a 32 bits. • https://gitlab.gnome.org/GNOME/glib/-/issues/2319 • CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 0CVE-2021-27218 – glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform
https://notcve.org/view.php?id=CVE-2021-27218
15 Feb 2021 — An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. Se detectó un problema en GNOME GLib versiones anteriores a 2.66.7 y versiones 2.67.x anteriores a 2.67.4. Si se llamó a la función g_byte_array_new_take() con un búfer de 4 GB o más sobre una plataforma de 64 bits, la longitud debería ser truncada módulo 2*... • https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35507 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35507
04 Jan 2021 — There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. Se presenta un fallo en bfd_pef_parse_function_stubs de bfd/pef.c en binutils en versiones anteriores a la 2.34 que podría permitir a un atacante que sea capaz de enviar un archivo crafteado para ser procesado por objd... • https://bugzilla.redhat.com/show_bug.cgi?id=1911691 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35496 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35496
04 Jan 2021 — There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en la función bfd_pef_scan_start_address() del archivo bfd/pef.c en binutils que podría permitir que un atacante que puede enviar un archivo diseñado para ser procesado por... • https://bugzilla.redhat.com/show_bug.cgi?id=1911444 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35495 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35495
04 Jan 2021 — There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /bfd/pef.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911441 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35494 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35494
04 Jan 2021 — There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo /opcodes/tic4x-dis.c de binutils. • https://bugzilla.redhat.com/show_bug.cgi?id=1911439 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-35493 – Gentoo Linux Security Advisory 202107-24
https://notcve.org/view.php?id=CVE-2020-35493
04 Jan 2021 — A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. Se presenta un fallo en el archivo bfd/pef.c de binutils. Un atacante que pueda enviar un archivo PEF diseñado para que sea analizado por objdump podría causar un desbordamiento del búfer de pila -) lectura fuera de límites ... • https://bugzilla.redhat.com/show_bug.cgi?id=1911437 • CWE-20: Improper Input Validation •