CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28039
https://notcve.org/view.php?id=CVE-2021-28039
05 Mar 2021 — An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. Se detectó un problema en el kernel de Linux versiones 5.9.x hasta 5.11.3, como es usada con Xen. En algunas configuraciones menos comunes, ... • http://www.openwall.com/lists/oss-security/2021/03/05/2 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 1CVE-2020-25639 – Ubuntu Security Notice USN-4949-1
https://notcve.org/view.php?id=CVE-2020-25639
04 Mar 2021 — A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Se encontró un fallo de desreferencia del puntero NULL en la funcionalidad del controlador GPU Nouveau del kernel de Linux en versiones anteriores a 5.12-rc1, en la manera en que el usuario llama a ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. Este fallo permite que un usuari... • https://bugzilla.redhat.com/show_bug.cgi?id=1876995 • CWE-476: NULL Pointer Dereference •
CVSS: 4.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-35508 – kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
https://notcve.org/view.php?id=CVE-2020-35508
25 Feb 2021 — A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Se ha encontrado una posibilidad de fallo de condición de carrera y de inicialización incorrecta del id del proceso en el manejo del id del proceso child/parent del kernel de Linux mientras se filtran los manejadore... • https://bugzilla.redhat.com/show_bug.cgi?id=1902724 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-26934
https://notcve.org/view.php?id=CVE-2021-26934
17 Feb 2021 — An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. Se detectó un problema en el kernel de Linux versiones 4.18 hasta 5.10.16, como es usado por Xen. El modo de asignación del backend de los controladores drm_xen_front no estaba destinado a ser una configuración soportada, pero esto no fue declarad... • http://xenbits.xen.org/xsa/advisory-363.html •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26930 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-26930
17 Feb 2021 — An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing sa... • http://xenbits.xen.org/xsa/advisory-365.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26931 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-26931
17 Feb 2021 — An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiba... • http://xenbits.xen.org/xsa/advisory-362.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-26932
https://notcve.org/view.php?id=CVE-2021-26932
17 Feb 2021 — An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, eff... • http://xenbits.xen.org/xsa/advisory-361.html •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 2CVE-2021-26708 – kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
https://notcve.org/view.php?id=CVE-2021-26708
05 Feb 2021 — A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Se detectó una escalada de privilegios local en el kernel de Linux versiones anteriores a 5.10.13. Múltiples condiciones de carrera en la implementación de AF_VSOCK son causadas mediante un bloqueo incorrecto e... • https://github.com/azpema/CVE-2021-26708 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-16120 – Unprivileged overlay + shiftfs read access
https://notcve.org/view.php?id=CVE-2020-16120
14 Oct 2020 — Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify perm... • https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0069 – kernel: cifs: incorrect handling of bogus user pointers during uncached writes
https://notcve.org/view.php?id=CVE-2014-0069
28 Feb 2014 — The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. La función cifs_iovec_write en fs/cifs/file.c en el kernel de Linux hasta 3.13.5 no maneja debidamente opera... • http://article.gmane.org/gmane.linux.kernel.cifs/9401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •