CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2002-2438
https://notcve.org/view.php?id=CVE-2002-2438
TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. TCP firewalls pueden ser omitidos mediante el envío de paquetes SYN con otros flag (como por ejemplo, el flag RST) configurados, que la pila TCP de Linux no descartó correctamente después del firewalling • http://www.openwall.com/lists/oss-security/2012/02/03/7 http://www.openwall.com/lists/oss-security/2012/05/29/8 http://www.openwall.com/lists/oss-security/2012/05/30/11 http://www.openwall.com/lists/oss-security/2012/05/30/12 http://www.openwall.com/lists/oss-security/2012/05/30/13 http://www.openwall.com/lists/oss-security/2012/05/30/2 http://www.openwall.com/lists/oss-security/2012/05/30/4 http://www.openwall.com/lists/oss-security/2 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33033 – kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c
https://notcve.org/view.php?id=CVE-2021-33033
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. El kernel de Linux versiones anteriores a 5.11.14, presenta un uso de la memoria previamente liberada en una función cipso_v4_genopt en el archivo net/ipv4/cipso_ipv4.c, porque el recuento de CIPSO y CALIPSO para las definiciones DOI es manejado inapropiadamente, también se conoce como CID-ad5d07f4a9cd. Esto conlleva a escribir un valor arbitrario A flaw use-after-free in the Linux kernel CIPSO network packet labeling protocol functionality was found in the way user open local network connection with the usage of the security labeling that is IP option number 134. A local user could use this flaw to crash the system or possibly escalate their privileges on the system. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad5d07f4a9cd671233ae20983848874731102c08 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt https://syzkaller.appspot.com/bug?id=96e7d345 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2021-33034 – kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
https://notcve.org/view.php?id=CVE-2021-33034
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. En el kernel de Linux versiones anteriores a 5.12.4, el archivo net/bluetooth/hci_event.c, presenta un uso de la memoria previamente liberada cuando se destruye un hci_chan, también se conoce como CID-5c4c8c954409. Esto conlleva a escribir un valor arbitrario A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW https://sites.google.com/view/syzscope/kasan-use-after-free-read- • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23134 – Linux kernel llcp_sock_bind/connect use-after-free
https://notcve.org/view.php?id=CVE-2021-23134
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. Una vulnerabilidad de uso de la memoria previamente liberada en nfc sockets en el Kernel de Linux versiones anteriores a 5.12.4 permite a atacantes locales escalar sus privilegios. En configuraciones típicas, el problema solo puede ser desencadenado por un usuario local privilegiado con la capacidad CAP_NET_RAW • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77 https://security.netapp.com/advisory/ntap-20210625 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3483
https://notcve.org/view.php?id=CVE-2021-3483
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected Se encontró una fallo en el controlador Nosy en el kernel de Linux. Este problema permite a un dispositivo ser insertado dos veces en una lista doblemente enlazada, conllevando a un uso de la memoria previamente liberada cuando uno de estos dispositivos es eliminado. • http://www.openwall.com/lists/oss-security/2021/04/07/1 https://bugzilla.redhat.com/show_bug.cgi?id=1948045 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://security.netapp.com/advisory/ntap-20210629-0002 • CWE-416: Use After Free •