CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-28374 – kernel: SCSI target (LIO) write to any block on ILO backstore
https://notcve.org/view.php?id=CVE-2020-28374
13 Jan 2021 — In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. En el archivo drivers/target/target_core_xcopy.c... • http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 3CVE-2020-25668
https://notcve.org/view.php?id=CVE-2020-25668
06 Jan 2021 — A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Se encontró un fallo en el Kernel de Linux porque el acceso a la variable global fg_console no está correctamente sincronizado, conllevando a un uso de la memoria previamente liberada en la función con_font_op • https://github.com/hshivhare67/Kernel_4.1.15_CVE-2020-25668 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-662: Improper Synchronization •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-36158 – kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value
https://notcve.org/view.php?id=CVE-2020-36158
05 Jan 2021 — mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. La función mwifiex_cmd_802_11_ad_hoc_start en el archivo drivers/net/wireless/marvell/mwifiex/join.c en el kernel de Linux versiones hasta 5.10.4, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un valor SSID grande, también se conoce como CID-5c455c5ab332 A flaw was fo... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c455c5ab332773464d02ba17015acdca198f03d • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-29569
https://notcve.org/view.php?id=CVE-2020-29569
15 Dec 2020 — An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. • https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 2CVE-2020-27777 – kernel: powerpc: RTAS calls can be used to compromise kernel integrity
https://notcve.org/view.php?id=CVE-2020-27777
15 Dec 2020 — A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. Se encontró un fallo en la manera en que RTAS manejaba los accesos a la memoria en el espacio de usuario para la comunicación del kernel. En un sistema invitado bloqueado (generalm... • https://bugzilla.redhat.com/show_bug.cgi?id=1900844 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 5CVE-2020-27786 – kernel: use-after-free in kernel midi subsystem
https://notcve.org/view.php?id=CVE-2020-27786
11 Dec 2020 — A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la implementaci... • https://github.com/kiks7/CVE-2020-27786-Kernel-Exploit • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 19EXPL: 2CVE-2020-29660 – kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free
https://notcve.org/view.php?id=CVE-2020-29660
09 Dec 2020 — A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Se detectó un problema de inconsistencia de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. Los archivos drivers/tty/tty_io.c y drivers/tty/tty_jobctrl.c pueden permitir un ataque de lectura de la memoria previamente liberada contra TIOCGSID, también se conoc... • http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html • CWE-416: Use After Free CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 1CVE-2020-29661 – kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free
https://notcve.org/view.php?id=CVE-2020-29661
09 Dec 2020 — A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Se detectó un problema de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. El archivo drivers/tty/tty_jobctrl.c, permite un ataque de uso de la memoria previamente liberada contra TIOCSPGRP, también se conoce como CID-54ffccbf053b A locking vulnerability was found in the tty subsystem of the Linux ker... • https://github.com/wojkos9/arm-CVE-2020-29661 • CWE-416: Use After Free CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2020-14381 – kernel: referencing inode of removed superblock in get_futex_key() causes UAF
https://notcve.org/view.php?id=CVE-2020-14381
03 Dec 2020 — A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la implementación de futex del kernel de Linux. Este fallo permite a un atacante local corromper la memoria del sistema o aumentar sus privilegios al crear un fu... • https://github.com/nanopathi/linux-4.19.72_CVE-2020-14381 • CWE-416: Use After Free •
CVSS: 8.3EPSS: 1%CPEs: 11EXPL: 1CVE-2020-14305 – kernel: memory corruption in Voice over IP nf_conntrack_h323 module
https://notcve.org/view.php?id=CVE-2020-14305
02 Dec 2020 — An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de escritura de memoria fuera de límites en la manera en que la funcionalidad connection tracking Voice Over IP H.323 de... • https://bugs.openvz.org/browse/OVZ-7188 • CWE-787: Out-of-bounds Write •