CVE-2020-29373
https://notcve.org/view.php?id=CVE-2020-29373
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. Se detectó un problema en el archivo fs/io_uring.c en el kernel de Linux versiones anteriores a 5.6. Maneja de manera no segura el directorio root durante las búsquedas de ruta y, por lo tanto, un proceso dentro de un espacio de nombres del montaje puede escapar a ubicaciones no previstas del sistema de archivos, también se conoce como CID-ff002b30181d • https://bugs.chromium.org/p/project-zero/issues/detail?id=2011 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff002b30181d30cdfbca316dadd099c3ca0d739c • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-29374
https://notcve.org/view.php?id=CVE-2020-29374
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. Se detectó un problema en el kernel de Linux versiones anteriores a 5.7.3, relacionado con los archivos mm/gup.c y mm/huge_memory.c. La implementación de la función get_user_pages (también se conoce como gup), cuando se usa para una página copy-on-write, no considera apropiadamente la semántica de las operaciones de lectura y, por lo tanto, puede otorgar acceso de escritura involuntario, también se conoce como CID-17839856fd58 • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-863: Incorrect Authorization •
CVE-2020-15437 – kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c
https://notcve.org/view.php?id=CVE-2020-15437
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. El kernel de Linux anterior a versión 5.8 es vulnerable a una desreferencia del puntero NULL en drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() que permite a usuarios locales causar una denegación de servicio utilizando el puntero p-)serial_in que no se inicializó A NULL pointer dereference flaw was found in the Linux kernel’s UART 8250 functionality, in the way certain hardware architectures handled situations where default ports (0x2E8, 0x2F8, 0x3E8, 0x3F8) are not available. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. • https://lkml.org/lkml/2020/7/21/80 https://access.redhat.com/security/cve/CVE-2020-15437 https://bugzilla.redhat.com/show_bug.cgi?id=1901161 • CWE-476: NULL Pointer Dereference •
CVE-2020-14351 – Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14351
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en el kernel de Linux. Se encontró un fallo de uso de la memoria previamente liberada en el subsistema perf que permitía a un atacante local con permiso para monitorear eventos de desempeño para corromper la memoria y posiblemente escalar privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1862849 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://access.redhat.com/security/cve/CVE-2020-14351 • CWE-416: Use After Free •
CVE-2020-28974 – kernel: slab-out-of-bounds read in fbcon
https://notcve.org/view.php?id=CVE-2020-28974
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. Una lectura fuera de límites en fbcon en el kernel de Linux versiones anteriores a 5.9.7, podría ser usada por parte de atacantes locales para leer información privilegiada o potencialmente bloquear el kernel, también se conoce como CID-3c4e0dff2095. Esto ocurre porque la función KD_FONT_OP_COPY en el archivo drivers/tty/vt/vt.c puede ser usada para manipulaciones tales como la altura de la fuente An out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. • http://www.openwall.com/lists/oss-security/2020/11/25/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4e0dff2095c579b142d5a0693257f1c58b4804 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://seclists.org/oss-sec/2020/q4/104 https://security.netapp.com/advisory/ntap-20210108-0003 https:/& • CWE-125: Out-of-bounds Read •