CVSS: 8.3EPSS: 0%CPEs: 26EXPL: 14CVE-2021-22555 – Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
https://notcve.org/view.php?id=CVE-2021-22555
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space En el archivo net/netfilter/x_tables.c se ha detectado una escritura fuera de límites en la pila que afecta a Linux desde la versión 2.6.19-rc1. Esto permite a un atacante alcanzar privilegios o causar una denegación de servicio (por medio de corrupción de la memoria de la pila) mediante el espacio de nombres de usuario A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. • https://www.exploit-db.com/exploits/50135 https://github.com/xyjl-ly/CVE-2021-22555-Exploit https://github.com/veritas501/CVE-2021-22555-PipeVersion https://github.com/pashayogi/CVE-2021-22555 https://github.com/tukru/CVE-2021-22555 https://github.com/letsr00t/CVE-2021-22555 https://github.com/letsr00t/-2021-LOCALROOT-CVE-2021-22555 https://github.com/daletoniris/CVE-2021-22555-esc-priv http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.h • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 1CVE-2020-28097
https://notcve.org/view.php?id=CVE-2020-28097
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. El subsistema vgacon en el kernel de Linux versiones anteriores a 5.8.10, maneja inapropiadamente el desplazamiento de software. Se presenta una lectura fuera de límites en la función vgacon_scrolldelta, también se conoce como CID-973c096f6a85 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=973c096f6a85e5b5f2a295126ba6928d9a6afd45 https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45 https://seclists.org/oss-sec/2020/q3/176 https://security.netapp.com/advisory/ntap-20210805-0001 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 2CVE-2021-33624
https://notcve.org/view.php?id=CVE-2021-33624
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. En el archivo kernel/bpf/verifier.c en el kernel de Linux versiones anteriores a 5.12.13, una rama puede ser mal predicha (por ejemplo, debido a la confusión de tipos) y, en consecuencia, un programa BPF no privilegiado puede leer ubicaciones de memoria arbitrarias por medio de un ataque de canal lateral, también conocido como CID-9183671af6db • https://github.com/benschlueter/CVE-2021-33624 http://www.openwall.com/lists/oss-security/2021/06/21/1 https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32078
https://notcve.org/view.php?id=CVE-2021-32078
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. Se ha detectado una lectura fuera de límites en el archivo arch/arm/mach-footbridge/personal-pci.c en el kernel de Linux versiones hasta 5.12.11, debido a una falta de comprobación de un valor que no debería ser negativo, por ejemplo, el acceso al elemento -2 de un array, también se conoce como CID-298a58e165e4 • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f https://kirtikumarar.com/CVE-2021-32078.txt https://security.netapp.com/advisory/ntap-20210813-0002 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-0129 – kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
https://notcve.org/view.php?id=CVE-2021-0129
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://security.gentoo.org/glsa/202209-16 https://security.netapp.com/advisory/ntap-20210716-0002 https://www.debian.org/security/2021/dsa-4951 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html https://access.redhat.com/security/cve/CVE-2021& • CWE-287: Improper Authentication •