CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2021-41073
https://notcve.org/view.php?id=CVE-2021-41073
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. La función loop_rw_iter en fs/io_uring.c en el kernel de Linux desde la versión 5.10 hasta la versión 5.14.6 permite a los usuarios locales ganar privilegios mediante el uso de IORING_OP_PROVIDE_BUFFERS para desencadenar una liberación de un búfer del kernel, como se ha demostrado utilizando /proc//maps para su explotación • http://www.openwall.com/lists/oss-security/2021/09/18/2 http://www.openwall.com/lists/oss-security/2022/06/04/4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J7KSMIOQ4377CVTHMWNGNCWHMCRFRP2T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAP4TXEZ7J4EZQMQW5SIJMWXG7WZT3F7 https://security.netapp.com/advisory/nta • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 0CVE-2021-40490
https://notcve.org/view.php?id=CVE-2021-40490
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. Se ha detectado una condición de carrera en la función ext4_write_inline_data_end en el archivo fs/ext4/inline.c en el subsistema ext4 en el kernel de Linux versiones hasta 5.13.13 • https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6VS2DLGT7TK7URKAS2KWJL3S533SGVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJGX3DMJT6MRBW2XEF3TWVHYWZW3DG3N https://security.netapp.com/adv • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-3612 – kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
https://notcve.org/view.php?id=CVE-2021-3612
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escritura en memoria fuera de límites en el kernel de Linux joystick devices subsystem en versiones anteriores a 5.9-rc1, en la manera en que el usuario llama a la ioctl JSIOCSBTNMAP. Este fallo permite a un usuario local bloquear el sistema o posiblemente escalar sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=1974079 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82%40gmail.com https://security.netapp.com/advisory/ntap-20210805-0005 https://www.oracle.com/security-alerts/cpujul2022.html https:& • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-28691
https://notcve.org/view.php?id=CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. Un uso de memoria previamente liberada desencadenado por el usuario en Linux xen-netback. Un frontend de red PV malicioso o con errores puede forzar a Linux netback a deshabilitar la interfaz y terminar el hilo del kernel de recepción asociado a la cola 0 en respuesta al envío de un paquete malformado por parte del frontend. Esta terminación del hilo del kernel conllevará un uso de memoria previamente liberada en Linux netback cuando es destruído el backend, ya que el hilo del kernel asociado a la cola 0 ya habrá salido y, por tanto, la llamada a la función kthread_stop se llevará a cabo contra un puntero obsoleto • https://security.gentoo.org/glsa/202107-30 https://security.netapp.com/advisory/ntap-20210805-0002 https://xenbits.xenproject.org/xsa/advisory-374.txt • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 1CVE-2020-28097
https://notcve.org/view.php?id=CVE-2020-28097
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. El subsistema vgacon en el kernel de Linux versiones anteriores a 5.8.10, maneja inapropiadamente el desplazamiento de software. Se presenta una lectura fuera de límites en la función vgacon_scrolldelta, también se conoce como CID-973c096f6a85 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=973c096f6a85e5b5f2a295126ba6928d9a6afd45 https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45 https://seclists.org/oss-sec/2020/q3/176 https://security.netapp.com/advisory/ntap-20210805-0001 • CWE-125: Out-of-bounds Read •