
CVE-2021-21157 – Debian Security Advisory 4858-1
https://notcve.org/view.php?id=CVE-2021-21157
22 Feb 2021 — Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Web Sockets en Google Chrome en Linux versiones anteriores a 88.0.4324.182, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result ... • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free •

CVE-2021-21153 – Debian Security Advisory 4858-1
https://notcve.org/view.php?id=CVE-2021-21153
22 Feb 2021 — Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Un desbordamiento del búfer de la pila en GPU Process en Google Chrome en Linux versiones anteriores a 88.0.4324.182, permitió a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrom... • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html • CWE-787: Out-of-bounds Write •

CVE-2021-21152 – Debian Security Advisory 4858-1
https://notcve.org/view.php?id=CVE-2021-21152
22 Feb 2021 — Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en Media en Google Chrome en Linux versiones anteriores a 88.0.4324.182, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ar... • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html • CWE-787: Out-of-bounds Write •

CVE-2021-21149 – Debian Security Advisory 4858-1
https://notcve.org/view.php?id=CVE-2021-21149
22 Feb 2021 — Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. El desbordamiento del búfer de la pila en Data Transfer en Google Chrome en Linux versiones anteriores a 88.0.4324.182, permitía a un atacante remoto llevar a cabo un acceso a la memoria fuera de límites por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which c... • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html • CWE-787: Out-of-bounds Write •

CVE-2021-26934
https://notcve.org/view.php?id=CVE-2021-26934
17 Feb 2021 — An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. Se detectó un problema en el kernel de Linux versiones 4.18 hasta 5.10.16, como es usado por Xen. El modo de asignación del backend de los controladores drm_xen_front no estaba destinado a ser una configuración soportada, pero esto no fue declarad... • http://xenbits.xen.org/xsa/advisory-363.html •

CVE-2021-26930 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-26930
17 Feb 2021 — An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing sa... • http://xenbits.xen.org/xsa/advisory-365.html •

CVE-2021-26931 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-26931
17 Feb 2021 — An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiba... • http://xenbits.xen.org/xsa/advisory-362.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2021-26932 – FreeBSD Security Advisory - FreeBSD-SA-21:06.xen
https://notcve.org/view.php?id=CVE-2021-26932
17 Feb 2021 — An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, eff... • http://xenbits.xen.org/xsa/advisory-361.html •

CVE-2021-3347 – kernel: Use after free via PI futex state
https://notcve.org/view.php?id=CVE-2021-3347
29 Jan 2021 — An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. Se detectó un problema en el kernel de Linux versiones hasta 5.10.11. Los futexes de PI presentan un uso de la memoria previamente liberada de la pila del kernel durante el manejo de fallos, permitiendo a usuarios locales ejecutar código en el kernel, también se conoce como CID-34b1a1ce1458 A flaw was ... • https://github.com/nanopathi/linux-4.19.72_CVE-2021-3347 • CWE-416: Use After Free •

CVE-2021-3178 – Ubuntu Security Notice USN-4910-1
https://notcve.org/view.php?id=CVE-2021-3178
19 Jan 2021 — fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior ** EN DISPUTA ** en el archivo fs/nfsd/nfs3xdr.c en el kernel de Linux versiones hasta 5.10.8, cuando se presenta una exportación NFS de un subdirectorio ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •