CVE-2020-36385 – kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free
https://notcve.org/view.php?id=CVE-2020-36385
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.10. El archivo drivers/infiniband/core/ucma.c, presenta un uso de la memoria previamente liberada porque el ctx es alcanzado por medio de la función ctx_list en algunas situaciones donde la función ucma_migrate_id en que la función ucma_close, es llamada también se conoce como CID-f5449e74802c An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1 https://security.netapp.com/advisory/ntap-20210720-0004 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2 https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6 https://www.starwindsoftware.com/security/sw-20220802-0002 https://access.redhat.com/security/cve/CVE-2020-36385 • CWE-416: Use After Free •
CVE-2020-25704 – kernel: perf_event_parse_addr_filter memory
https://notcve.org/view.php?id=CVE-2020-25704
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. Se encontró una perdida de memoria de fallo en el subsistema de monitoreo del rendimiento del kernel de Linux en el modo si se usaba PERF_EVENT_IOC_SET_FILTER. Un usuario local podría utilizar este fallo para privar los recursos causando una denegación de servicio A memory leak flaw was found in the Linux kernel’s performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. This flaw allows a local user to starve the resources, causing a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1895961 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://www.openwall.com/lists/oss-security/2020/11/09/1 https://www.starwindsoftware.com/security/sw-20220802-0003 https://access.redhat.com/security/cve/CVE-2020-25704 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-20807 – vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode
https://notcve.org/view.php?id=CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html http://seclists.org/fulldisclosure/2020/Jul/24 https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 https://github.com/vim/vim/releases/tag/v8.1.0881 https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4582-1 https://www.starwindsoftware.com/security/sw-20220812-0003 https://access.redhat.com/security/cve/CVE-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •