CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36311
https://notcve.org/view.php?id=CVE-2020-36311
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. Se detectó un problema en el kernel de Linux versiones anteriores a 5.9. El archivo arch/x86/kvm/svm/sev.c permite a atacantes causar una denegación de servicio (bloqueo suave) al desencadenar la destrucción de una SEV VM grande (que requiere anular el registro de muchas regiones cifradas), también se conoce como CID-7be74942f184 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7be74942f184fdfba34ddd19a0d995deb34d4a03 https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html https://www.debian.org/security/2021/dsa-4941 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36312 – kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c
https://notcve.org/view.php?id=CVE-2020-36312
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.8.10. El archivo virt/kvm/kvm_main.c presenta una filtración de la memoria en la función kvm_io_bus_unregister_dev tras un fallo de kmalloc, también se conoce como CID-f65886606c2d A flaw was found in the KVM hypervisor of the Linux kernel. A memory leak could occur in kvm_io_bus_unregister_dev() upon a kmalloc failure. The highest threat from this vulnerability is to system availability. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e https://access.redhat.com/security/cve/CVE-2020-36312 https://bugzilla.redhat.com/show_bug.cgi?id=1947991 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36313
https://notcve.org/view.php?id=CVE-2020-36313
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.7. El subsistema KVM permite el acceso fuera de rango a memslots después de una eliminación, también se conoce como CID-0774a964ef56. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0774a964ef561b7170d8d1b1bfe6f88002b6d219 https://security.netapp.com/advisory/ntap-20210604-0005 • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30002 – kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
https://notcve.org/view.php?id=CVE-2021-30002
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.3, cuando se presenta un dispositivo webcam. video_usercopy en el archivo drivers/media/v4l2-core/v4l2-ioctl.c, presenta una pérdida de memoria para argumentos grandes, también se conoce como CID-fb18802a338b. A flaw memory leak in the Linux kernel webcam device functionality was found in the way user calls ioctl that triggers video_usercopy function. The highest threat from this vulnerability is to system availability. • https://bugzilla.suse.com/show_bug.cgi?id=1184120 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899 https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://access.redhat.com/security/cve/CVE-2021-30002 https://bugzilla.redhat.com/show_bug.cgi?id=1946279 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29646 – kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
https://notcve.org/view.php?id=CVE-2021-29646
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. tipc_nl_retrieve_key en net/tipc/node.c no valida correctamente ciertos tamaños de datos, también conocido como CID-0217ed2848e8. A flaw buffer overflow in the Linux kernel TIPC protocol functionality was found in the way user uses protocol with encryption enabled. A local user could use this flaw to crash the system. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0217ed2848e8538bcf9172d97ed2eeb4a26041bb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y • CWE-20: Improper Input Validation •