CVSS: 7.4EPSS: 0%CPEs: 14EXPL: 0CVE-2022-1729 – kernel: race condition in perf_event_open leads to privilege escalation
https://notcve.org/view.php?id=CVE-2022-1729
22 Jun 2022 — A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. Se ha encontrado una condición de carrera en el kernel de Linux en la función perf_event_open() que puede ser explotada por un usuario no privilegiado para conseguir privilegios de root. El bug permite construir varias primitivas de explotación como un filt... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28390 – kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
https://notcve.org/view.php?id=CVE-2022-28390
03 Apr 2022 — ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. La función ems_usb_start_xmit en el archivo drivers/net/can/usb/ems_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once. It was discovered that the Linux kernel did ... • https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 2CVE-2021-4154 – kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
https://notcve.org/view.php?id=CVE-2021-4154
20 Jan 2022 — A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. Se encontró un defecto de uso de memoria previamente liberada en la función cgroup1_parse_param en el archivo kernel/cgroup/cgroup-v1.c en el analizador cgroup v1 del kernel de Linux. Un atacante lo... • https://github.com/Markakd/CVE-2021-4154 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 1CVE-2020-12659 – kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption
https://notcve.org/view.php?id=CVE-2020-12659
05 May 2020 — An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. Se detectó un problema en el kernel de Linux versiones anteriores a 5.6.7. En la función xdp_umem_reg en el archivo net/xdp/xdp_umem.c se presenta una escritura fuera de límites (por un usuario con la capacidad CAP_NET_ADMIN) debido a una falta de comprobación del headroom. An out-of-bounds (OOB) memory... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2020-12465 – kernel: buffer overflow in mt76_add_fragment function in drivers/net/wireless/mediatek/mt76/dma.c
https://notcve.org/view.php?id=CVE-2020-12465
29 Apr 2020 — An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. Se descubrió un desbordamiento de matriz en la función mt76_add_fragment en el archivo drivers/net/wireless/mediatek/mt76/dma.c en el kernel de Linux versiones anteriores a la versión 5.5.10, también se conoce como CID-b102f0c522cf. Un paquete de gran tamaño con muchos fr... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 1CVE-2020-12464 – kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c
https://notcve.org/view.php?id=CVE-2020-12464
29 Apr 2020 — usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. a función usb_sg_cancel en el archivo drivers/usb/core/message.c en el kernel de Linux versiones anteriores a la versión 5.6.8, tiene un uso de la memoria previamente liberada porque se produce una transferencia sin una referencia, también se conoce como CID-056ad39ee925. A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/mes... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-416: Use After Free •