CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2021-42739 – kernel: Heap buffer overflow in firedtv driver
https://notcve.org/view.php?id=CVE-2021-42739
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. Se ha encontrado un fallo de desbordamiento de búfer basado en la pila en el controlador de la tarjeta multimedia FireDTV del kernel de Linux, donde el usuario llama al ioctl CA_SEND_MSG. Este fallo permite a un usuario local de la máquina anfitriona bloquear el sistema o escalar privilegios en el sistema. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=1951739 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda https://seclists.org/oss-sec/2021/q2/46 https://www.oracle.com/security-alerts/cpujul2022.html https://www.starwindsoftware.com/security/sw-20220804-0001 https://access.redhat.com/security/cve/CVE-2021-42739 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-42252
https://notcve.org/view.php?id=CVE-2021-42252
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. Se ha detectado un problema en la función aspeed_lpc_ctrl_mmap en el archivo drivers/soc/aspeed/aspeed-lpc-ctrl.c en el kernel de Linux versiones anteriores a 5.14.6. Unos atacantes locales capaces de acceder a la interfaz de control de Aspeed LPC podrían sobrescribir memoria en el kernel y potencialmente ejecutar privilegios, también se conoce como CID-b49a0e69a7b1. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b49a0e69a7b1a68c8d3f64097d06dabb770fec96 https://security.netapp.com/advisory/ntap-20211112-0006 •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3CVE-2021-42008
https://notcve.org/view.php?id=CVE-2021-42008
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. La función decode_data en el archivo drivers/net/hamradio/6pack.c en el kernel de Linux versiones anteriores a 5.13.13, presenta una escritura fuera de límites. La entrada desde un proceso que tiene la capacidad CAP_NET_ADMIN puede conllevar a un acceso de root • https://github.com/0xdevil/CVE-2021-42008 https://github.com/numanturle/CVE-2021-42008 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19d1532a187669ce86d5a2696eb7275310070793 https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://security.netapp.com/advisory/ntap-20211104-0002 https://www.youtube.com/watch?v=d5f9xLK8Vhw • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-41864 – kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write
https://notcve.org/view.php?id=CVE-2021-41864
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. prealloc_elems_and_freelist en kernel/bpf/stackmap.c en el kernel de Linux antes de la versión 5.14.12 permite a usuarios sin privilegios desencadenar un desbordamiento de enteros en la multiplicación de eBPF con una escritura fuera de los límites resultante. An out-of-bounds (OOB) memory write flaw was found in prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the bpf in the Linux kernel. In this flaw, the multiplication to calculate the size could lead to an integer overflow which could allow a local attacker, with a special user privilege, to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.12 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM http • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 19EXPL: 1CVE-2021-3753 – kernel: a race out-of-bound read in vt
https://notcve.org/view.php?id=CVE-2021-3753
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. Se observó un problema de carrera en el la función vt_k_ioctl en el archivo drivers/tty/vt/vt_ioctl.c en el kernel de Linux, que puede causar una lectura fuera de límites en vt ya que el acceso de escritura a vc_mode no está protegido por el bloqueo de vt_ioctl (KDSETMDE). La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos • https://bugzilla.redhat.com/show_bug.cgi?id=1999589 https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7 https://security.netapp.com/advisory/ntap-20221028-0003 https://www.openwall.com/lists/oss-security/2021/09/01/4 https://access.redhat.com/security/cve/CVE-2021-3753 • CWE-125: Out-of-bounds Read CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •