CVE-2021-44733 – kernel: use-after-free in the TEE subsystem
https://notcve.org/view.php?id=CVE-2021-44733
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. Se presenta un uso de memoria previamente liberada en el archivo drivers/tee/tee_shm.c en el subsistema TEE en el kernel de Linux versiones hasta 5.15.11. Esto ocurre debido a una condición de carrera en tee_shm_get_from_id durante un intento de liberar un objeto de memoria compartida A use-after-free flaw in the Linux kernel TEE (Trusted Execution Environment) subsystem was found in the way user calls ioctl TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c https://github.com/pjlantz/optee-qemu/blob/main/README.md https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander%40linaro.org https://security.netapp.com/advisory/ntap-20220114-0003 https://www.debian. • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-908: Use of Uninitialized Resource •
CVE-2021-20321 – kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename()
https://notcve.org/view.php?id=CVE-2021-20321
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. Se encontró una condición de carrera al acceder a un objeto de archivo en el subsistema OverlayFS del kernel de Linux en la forma en que usuarios hacen el cambio de nombre de manera específica con OverlayFS. Un usuario local podría usar este fallo para bloquear el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=2013242 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/all/20211011134508.748956131%40linuxfoundation.org https://www.debian.org/security/2022/dsa-5096 https://access.redhat.com/security/cve/CVE-2021-20321 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-45100
https://notcve.org/view.php?id=CVE-2021-45100
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. El servidor ksmbd versiones hasta 3.4.2, usado en el kernel de Linux hasta la versión 5.15.8, a veces se comunica en texto sin cifrar aunque se haya habilitado el cifrado. Esto ocurre porque establece la bandera SMB2_GLOBAL_CAP_ENCRYPTION cuando es usado el protocolo SMB 3.1.1, lo cual es una violación de la especificación del protocolo SMB. • https://github.com/cifsd-team/ksmbd/issues/550 https://github.com/cifsd-team/ksmbd/pull/551 https://marc.info/?l=linux-kernel&m=163961726017023&w=2 https://security.netapp.com/advisory/ntap-20220107-0001 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2021-45095
https://notcve.org/view.php?id=CVE-2021-45095
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. La función pep_sock_accept en el archivo net/phonet/pep.c en el kernel de Linux versiones hasta 5.15.8, presenta un filtrado de refcount • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bcd0f93353326954817a4f9fa55ec57fb38acbb0 https://github.com/torvalds/linux/commit/bcd0f93353326954817a4f9fa55ec57fb38acbb0 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5050 https://www.debian.org/security/2022/dsa-5096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-25020
https://notcve.org/view.php?id=CVE-2018-25020
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. El subsistema BPF en el kernel de Linux versiones anteriores a 4.17, maneja inapropiadamente las situaciones con un salto largo sobre una secuencia de instrucciones donde las instrucciones internas requieren expansiones sustanciales en múltiples instrucciones BPF, conllevando a un desbordamiento. Esto afecta a los archivos kernel/bpf/core.c y net/core/filter.c • http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html https://github.com/torvalds/linux/commit/050fad7c4534c13c8eb1d9c2ba66012e014773cb https://security.netapp.com/advisory/ntap-20211229-0005 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •