CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-4044 – Invalid handling of X509_verify_cert() internal errors in libssl
https://notcve.org/view.php?id=CVE-2021-4044
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. • https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256 https://security.netapp.com/advisory/ntap-20211229-0003 https://www.openssl.org/news/secadv/20211214.txt • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-25020
https://notcve.org/view.php?id=CVE-2018-25020
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. El subsistema BPF en el kernel de Linux versiones anteriores a 4.17, maneja inapropiadamente las situaciones con un salto largo sobre una secuencia de instrucciones donde las instrucciones internas requieren expansiones sustanciales en múltiples instrucciones BPF, conllevando a un desbordamiento. Esto afecta a los archivos kernel/bpf/core.c y net/core/filter.c • http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html https://github.com/torvalds/linux/commit/050fad7c4534c13c8eb1d9c2ba66012e014773cb https://security.netapp.com/advisory/ntap-20211229-0005 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2021-3772 – kernel: sctp: Invalid chunks may be used to remotely remove existing associations
https://notcve.org/view.php?id=CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Se ha encontrado un fallo en la pila SCTP de Linux. Un atacante ciego puede ser capaz de matar una asociación SCTP existente mediante trozos no válidos si el atacante conoce las direcciones IP y los números de puerto que están siendo usados y el atacante puede enviar paquetes con direcciones IP falsas • https://bugzilla.redhat.com/show_bug.cgi?id=2000694 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20221007-0001 https://ubuntu.com/security/CVE-2021-3772 https://www.debian.org/security/2022/dsa-5096 https://www.oracle.com/security-alerts/cp • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.7EPSS: 0%CPEs: 20EXPL: 1CVE-2021-43975 – kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
https://notcve.org/view.php?id=CVE-2021-43975
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. En el kernel de Linux versiones hasta 5.15.2, la función hw_atl_utils_fw_rpc_wait en el archivo drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c permite a un atacante (que puede introducir un dispositivo diseñado) desencadenar una escritura fuera de límites por medio de un valor de longitud diseñado An out-of-bounds write flaw was found in the Linux kernel’s Aquantia AQtion Ethernet card Atlantic driver in the way the ethernet card provides malicious input to the driver. This flaw allows a local user to emulate the networking device and crash the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T https&# • CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 0%CPEs: 26EXPL: 0CVE-2021-43976 – kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device
https://notcve.org/view.php?id=CVE-2021-43976
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). En el kernel de Linux versiones hasta 5.15.2, la función mwifiex_usb_recv en el archivo drivers/net/wireless/marvell/mwifiex/usb.c permite a un atacante (que puede conectar un dispositivo USB diseñado) causar una denegación de servicio (skb_over_panic) A denial of service flaw was found in mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c in the usb subsystem of the Linux kernel. This is due to a missing clean-up for a malfunctioning usb device with an unknown recv_type. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD https://patchwork.kernel.org/projec • CWE-459: Incomplete Cleanup •