CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29649
https://notcve.org/view.php?id=CVE-2021-29649
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El controlador de modo de usuario (UMD) tiene una fuga de memoria copy_process(), relacionada con una falta de pasos de limpieza en kernel/usermode_driver.c y kernel/bpf/pre... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29650 – kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
https://notcve.org/view.php?id=CVE-2021-29650
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El subsistema netfilter permite a los atacantes causar una denegación de servicio (panic) porque net/netfilter/x_tables.c... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-662: Improper Synchronization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29264
https://notcve.org/view.php?id=CVE-2021-29264
26 Mar 2021 — An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. Se detectó un problema en el kernel de Linux versiones hasta 5.11.10. El archivo drivers/net/ethernet/freescale/gianfar.c en el controlador Freescale Gianfar Eth... • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29265
https://notcve.org/view.php?id=CVE-2021-29265
26 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.7. La función usbip_sockfd_store en el archivo drivers/usb/usbip/stub_dev.c permite a atacantes causar una denegación de servicio (GPF) porque la secuen... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29266
https://notcve.org/view.php?id=CVE-2021-29266
26 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.9. El archivo drivers/vhost/vdpa.c presenta un uso de la memoria previamente liberada porque v-) config_ctx presenta un valor no válido al volver a abrir un dispositivo de caracteres, también se conoce como CID-f6bbf0010ba0. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-3444 – Linux kernel bpf verifier incorrect mod32 truncation
https://notcve.org/view.php?id=CVE-2021-3444
23 Mar 2021 — The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt z... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-28971 – kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c
https://notcve.org/view.php?id=CVE-2021-28971
22 Mar 2021 — In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. En la función intel_pmu_drain_pebs_nhm en el archivo arch/x86/events/intel/ds.c en el kernel de Linux versiones hasta 5.11.8 en algunas CPU Haswell, las aplicaciones de espacio de usuario (como perf-fuzzer) pueden causar un bloqueo del sistema porqu... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea • CWE-476: NULL Pointer Dereference CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2021-28972
https://notcve.org/view.php?id=CVE-2021-28972
22 Mar 2021 — In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. En el archivo drivers/pci/hotplug/rpadlpar_sysfs.c en el kernel de Linux versiones hasta 5.11.8, el controlador RPA PCI Hotplu... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc7a0bb058b85ea03db87169c60c7cfdd5d34678 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2021-28964
https://notcve.org/view.php?id=CVE-2021-28964
22 Mar 2021 — A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. Se detectó una condición de carrera en la función get_old_root en el archivo fs/btrfs/ctree.c en el kernel de Linux versiones hasta 5.11.8. Permite a atacantes causar una denegación de servicio (BUG) debido a una falta de bloqueo en un búfer de exte... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbcc7d57bffc0c8cac9dac11bec548597d59a6a5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2020-27171
https://notcve.org/view.php?id=CVE-2020-27171
20 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.8. El archivo kernel/bpf/verifier.c presenta un error por un paso (con un subdesbordamiento de... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-193: Off-by-one Error •