CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 2CVE-2021-26708 – kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
https://notcve.org/view.php?id=CVE-2021-26708
05 Feb 2021 — A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Se detectó una escalada de privilegios local en el kernel de Linux versiones anteriores a 5.10.13. Múltiples condiciones de carrera en la implementación de AF_VSOCK son causadas mediante un bloqueo incorrecto e... • https://github.com/azpema/CVE-2021-26708 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3348 – kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c
https://notcve.org/view.php?id=CVE-2021-3348
01 Feb 2021 — nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. En la función nbd_add_socket en el archivo drivers/block/nbd.c en el kernel de Linux versiones hasta 5.10.12, presenta un uso de la memoria previamente liberada de ndb_queue_rq que podría ser desencadenado por atacantes locales (con acceso al disp... • http://www.openwall.com/lists/oss-security/2021/02/01/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2021-3347 – kernel: Use after free via PI futex state
https://notcve.org/view.php?id=CVE-2021-3347
29 Jan 2021 — An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. Se detectó un problema en el kernel de Linux versiones hasta 5.10.11. Los futexes de PI presentan un uso de la memoria previamente liberada de la pila del kernel durante el manejo de fallos, permitiendo a usuarios locales ejecutar código en el kernel, también se conoce como CID-34b1a1ce1458 A flaw was ... • https://github.com/nanopathi/linux-4.19.72_CVE-2021-3347 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3178 – Ubuntu Security Notice USN-4910-1
https://notcve.org/view.php?id=CVE-2021-3178
19 Jan 2021 — fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior ** EN DISPUTA ** en el archivo fs/nfsd/nfs3xdr.c en el kernel de Linux versiones hasta 5.10.8, cuando se presenta una exportación NFS de un subdirectorio ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-28374 – kernel: SCSI target (LIO) write to any block on ILO backstore
https://notcve.org/view.php?id=CVE-2020-28374
13 Jan 2021 — In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. En el archivo drivers/target/target_core_xcopy.c... • http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-36158 – kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value
https://notcve.org/view.php?id=CVE-2020-36158
05 Jan 2021 — mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. La función mwifiex_cmd_802_11_ad_hoc_start en el archivo drivers/net/wireless/marvell/mwifiex/join.c en el kernel de Linux versiones hasta 5.10.4, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un valor SSID grande, también se conoce como CID-5c455c5ab332 A flaw was fo... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c455c5ab332773464d02ba17015acdca198f03d • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-29569 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-29569
15 Dec 2020 — An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. • https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 2CVE-2020-25705 – kernel: ICMP rate limiting can be used for DNS poisoning attack
https://notcve.org/view.php?id=CVE-2020-25705
17 Nov 2020 — A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3... • https://github.com/tdwyer/CVE-2020-25705 • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-16120 – Unprivileged overlay + shiftfs read access
https://notcve.org/view.php?id=CVE-2020-16120
14 Oct 2020 — Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify perm... • https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0069 – kernel: cifs: incorrect handling of bogus user pointers during uncached writes
https://notcve.org/view.php?id=CVE-2014-0069
28 Feb 2014 — The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. La función cifs_iovec_write en fs/cifs/file.c en el kernel de Linux hasta 3.13.5 no maneja debidamente opera... • http://article.gmane.org/gmane.linux.kernel.cifs/9401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •