
CVE-2021-1060
https://notcve.org/view.php?id=CVE-2021-1060
08 Jan 2021 — NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-20: Improper Input Validation •

CVE-2021-1058
https://notcve.org/view.php?id=CVE-2021-1058
08 Jan 2021 — NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-1284: Improper Validation of Specified Quantity in Input •

CVE-2021-1059
https://notcve.org/view.php?id=CVE-2021-1059
08 Jan 2021 — NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-190: Integer Overflow or Wraparound •

CVE-2021-1057
https://notcve.org/view.php?id=CVE-2021-1057
08 Jan 2021 — NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin that allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2020-27777 – kernel: powerpc: RTAS calls can be used to compromise kernel integrity
https://notcve.org/view.php?id=CVE-2020-27777
15 Dec 2020 — A flaw was found in the way RTAS handled memory accesses in userspace-to-kernel communication. On a locked-down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform), a root-like local user could use this flaw to further increase their privileges to that of a running kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1900844 • CWE-862: Missing Authorization •

CVE-2020-27825 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-27825
11 Dec 2020 — A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel (before 5.10-rc1). A race between trace_open and a resize of the CPU buffer running in parallel on different CPUs may cause a denial of service (DoS). This flaw could even allow a local attacker with special user privileges to cause a kernel information leak. • https://bugzilla.redhat.com/show_bug.cgi?id=1905155 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2020-27786 – kernel: use-after-free in kernel midi subsystem
https://notcve.org/view.php?id=CVE-2020-27786
11 Dec 2020 — A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/kiks7/CVE-2020-27786-Kernel-Exploit • CWE-416: Use After Free •

CVE-2020-25656 – kernel: use-after-free in read in vt_do_kdgkb_ioctl
https://notcve.org/view.php?id=CVE-2020-25656
02 Dec 2020 — A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using the ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to gain out-of-bounds read access to memory. The highest threat from this vulnerability is to data confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=1888726 • CWE-416: Use After Free •

CVE-2020-14351 – Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14351
22 Nov 2020 — A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1862849 • CWE-416: Use After Free •

CVE-2020-25705 – kernel: ICMP rate limiting can be used for DNS poisoning attack
https://notcve.org/view.php?id=CVE-2020-25705
17 Nov 2020 — A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization is indirectly affected as well on the Linux-based products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3... • https://github.com/tdwyer/CVE-2020-25705 • CWE-330: Use of Insufficiently Random Values •