CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26930
https://notcve.org/view.php?id=CVE-2021-26930
17 Feb 2021 — An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing sa... • http://xenbits.xen.org/xsa/advisory-365.html •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12363 – kernel: Improper input validation in some Intel(R) Graphics Drivers
https://notcve.org/view.php?id=CVE-2020-12363
17 Feb 2021 — Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. Una comprobación inapropiada de la entrada en algunos Intel® Graphics Drivers para Windows* versiones anteriores a 26.20.100.7212 y versiones anteriores a 5.5 del kernel de Linux, puede permitir a un usuario privilegiado habilitar potencialmente una denegación de servicio por medio de... • https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26931
https://notcve.org/view.php?id=CVE-2021-26931
17 Feb 2021 — An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiba... • http://xenbits.xen.org/xsa/advisory-362.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12362 – kernel: Integer overflow in Intel(R) Graphics Drivers
https://notcve.org/view.php?id=CVE-2020-12362
17 Feb 2021 — Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. Un desbordamiento de enteros en el firmware para algunos Intel® Graphics Drivers para Windows* versiones anteriores a 26.20.100.7212 y versiones anteriores a 5.5 del kernel de Linux, puede permitir a un usuario privilegiado habilitar potencialmente una escalada de priv... • https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-26932
https://notcve.org/view.php?id=CVE-2021-26932
17 Feb 2021 — An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, eff... • http://xenbits.xen.org/xsa/advisory-361.html •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3348 – kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c
https://notcve.org/view.php?id=CVE-2021-3348
01 Feb 2021 — nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. En la función nbd_add_socket en el archivo drivers/block/nbd.c en el kernel de Linux versiones hasta 5.10.12, presenta un uso de la memoria previamente liberada de ndb_queue_rq que podría ser desencadenado por atacantes locales (con acceso al disp... • http://www.openwall.com/lists/oss-security/2021/02/01/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2021-3347 – kernel: Use after free via PI futex state
https://notcve.org/view.php?id=CVE-2021-3347
29 Jan 2021 — An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. Se detectó un problema en el kernel de Linux versiones hasta 5.10.11. Los futexes de PI presentan un uso de la memoria previamente liberada de la pila del kernel durante el manejo de fallos, permitiendo a usuarios locales ejecutar código en el kernel, también se conoce como CID-34b1a1ce1458 A flaw was ... • https://github.com/nanopathi/linux-4.19.72_CVE-2021-3347 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 2CVE-2020-25669
https://notcve.org/view.php?id=CVE-2020-25669
28 Jan 2021 — A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. Se encontró una vulnerabilidad en el Kernel de Linux donde la función sunkbd_reinit habiendo sido programada por la función sunkbd_interrupt antes de que sunkbd fuera liberada. Aunque el puntero colgante está establecido en NULL ... • http://www.openwall.com/lists/oss-security/2020/11/05/2 • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35513 – kernel: Nfsd failure to clear umask after processing an open or create
https://notcve.org/view.php?id=CVE-2020-35513
25 Jan 2021 — A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. Se encontró un fallo sin máscara incorrecto durante la modificación de archivos o directorios en la funcionalidad Linux ker... • https://bugzilla.redhat.com/show_bug.cgi?id=1911309 • CWE-271: Privilege Dropping / Lowering Errors •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3178
https://notcve.org/view.php?id=CVE-2021-3178
19 Jan 2021 — fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior ** EN DISPUTA ** en el archivo fs/nfsd/nfs3xdr.c en el kernel de Linux versiones hasta 5.10.8, cuando se presenta una exportación NFS de un subdirectorio ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •