CVE-2021-31916 – kernel: out of bounds array access in drivers/md/dm-ioctl.c
https://notcve.org/view.php?id=CVE-2021-31916
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se encontró un fallo de escritura de la memoria fuera de límites (OOB) en la función list_devices en el archivo drivers/md/dm-ioctl.c en el módulo de controlador Multi-device en el kernel de Linux versiones anteriores a 5.12. Un fallo de comprobación limitada permite a un atacante con privilegios de usuario especial (CAP_SYS_ADMIN) conseguir acceso a la memoria fuera de límites, conllevando a un bloqueo del sistema o una filtración de información interna del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1946965 https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://seclists.org/oss-sec/2021/q1/268 https://access.redhat.com/security/cve/CVE-2021-31916 • CWE-787: Out-of-bounds Write •
CVE-2021-3507 – QEMU: fdc: heap buffer overflow in DMA read data transfers
https://notcve.org/view.php?id=CVE-2021-3507
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. Se encontró un desbordamiento del búfer de pila en el emulador de disquete de QEMU versiones hasta 6.0.0 (incluyéndola). Podría ocurrir en la función fdctrl_transfer_handler() en el archivo hw/block/fdc.c mientras son procesados transferencias de datos de lectura DMA desde la unidad de disquete al sistema invitado. • https://bugzilla.redhat.com/show_bug.cgi?id=1951118 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210528-0005 https://access.redhat.com/security/cve/CVE-2021-3507 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-3426 – python: Information disclosure via pydoc
https://notcve.org/view.php?id=CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. Se presenta un fallo en pydoc de Python versión 3. • https://bugzilla.redhat.com/show_bug.cgi?id=1935913 https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-20254 – samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token
https://notcve.org/view.php?id=CVE-2021-20254
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1949442 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT https://security.gentoo.org/glsa/202105-22 https://security.netapp.com/advisory/ntap-20210430-0001 https://www.samba.org/samba/security/CVE-2021-20254 • CWE-125: Out-of-bounds Read •
CVE-2020-27824 – openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()
https://notcve.org/view.php?id=CVE-2020-27824
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el codificador de OpenJPEG en la función opj_dwt_calc_explicit_stepsizes(). Este fallo permite a un atacante que puede suministrar una entrada diseñada a niveles de descomposición para causar un desbordamiento del búfer. • https://bugzilla.redhat.com/show_bug.cgi?id=1905723 https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV https://www.debian.org/security/2021/dsa-4882 https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2020- • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •