CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 2CVE-2020-25671
https://notcve.org/view.php?id=CVE-2020-25671
26 May 2021 — A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el Kernel de Linux, donde un filtrado de refcount en la función llcp_sock_connect() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2020-26558 – bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack
https://notcve.org/view.php?id=CVE-2020-26558
24 May 2021 — Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value o... • https://kb.cert.org/vuls/id/799380 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33033 – kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c
https://notcve.org/view.php?id=CVE-2021-33033
14 May 2021 — The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. El kernel de Linux versiones anteriores a 5.11.14, presenta un uso de la memoria previamente liberada en una función cipso_v4_genopt en el archivo net/ipv4/cipso_ipv4.c, porque el recuento de CIPSO y CALIPSO para las definiciones DOI es manejado inapropiadamente, tambié... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 3CVE-2021-33034 – kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
https://notcve.org/view.php?id=CVE-2021-33034
14 May 2021 — In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. En el kernel de Linux versiones anteriores a 5.12.4, el archivo net/bluetooth/hci_event.c, presenta un uso de la memoria previamente liberada cuando se destruye un hci_chan, también se conoce como CID-5c4c8c954409. Esto conlleva a escribir un valor arbitrario A use-after-free flaw was found in hci_send_acl in the bluetooth host co... • https://github.com/Trinadh465/device_renesas_kernel_AOSP10_r33_CVE-2021-33034 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23134 – Linux kernel llcp_sock_bind/connect use-after-free
https://notcve.org/view.php?id=CVE-2021-23134
12 May 2021 — Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. Una vulnerabilidad de uso de la memoria previamente liberada en nfc sockets en el Kernel de Linux versiones anteriores a 5.12.4 permite a atacantes locales escalar sus privilegios. En configuraciones típicas, el problema solo puede ser desencadenado por un usuari... • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3483
https://notcve.org/view.php?id=CVE-2021-3483
12 May 2021 — A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected Se encontró una fallo en el controlador Nosy en el kernel de Linux. Este problema permite a un dispositivo ser insertado dos veces en una lista doblemente ... • http://www.openwall.com/lists/oss-security/2021/04/07/1 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 3CVE-2020-25670
https://notcve.org/view.php?id=CVE-2020-25670
12 May 2021 — A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el kernel de Linux donde un filtrado de refcount en la función llcp_sock_bind() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20292
https://notcve.org/view.php?id=CVE-2021-20292
12 May 2021 — There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Se presenta un fallo reportado en el kernel de Linux en versiones ante... • https://bugzilla.redhat.com/show_bug.cgi?id=1939686 • CWE-416: Use After Free •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2020-26147 – kernel: reassembling mixed encrypted/plaintext fragments
https://notcve.org/view.php?id=CVE-2020-26147
11 May 2021 — An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Se detectó un problema en el kernel de Linux versión 5.8.9. Las implementaciones de WEP, WPA, WPA2 y WPA3 reensamblan fragmentos aunque algunos de e... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 3.1EPSS: 0%CPEs: 338EXPL: 1CVE-2020-24587 – kernel: Reassembling fragments encrypted under different keys
https://notcve.org/view.php?id=CVE-2020-24587
11 May 2021 — The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que todos los fragmentos d... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-345: Insufficient Verification of Data Authenticity •