CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36313
https://notcve.org/view.php?id=CVE-2020-36313
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.7. El subsistema KVM permite el acceso fuera de rango a memslots después de una eliminación, también se conoce como CID-0774a964ef56. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0774a964ef561b7170d8d1b1bfe6f88002b6d219 https://security.netapp.com/advisory/ntap-20210604-0005 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28688
https://notcve.org/view.php?id=CVE-2021-28688
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://xenbits.xenproject.org/xsa/advisory-371.txt • CWE-665: Improper Initialization •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30002 – kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
https://notcve.org/view.php?id=CVE-2021-30002
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.3, cuando se presenta un dispositivo webcam. video_usercopy en el archivo drivers/media/v4l2-core/v4l2-ioctl.c, presenta una pérdida de memoria para argumentos grandes, también se conoce como CID-fb18802a338b. A flaw memory leak in the Linux kernel webcam device functionality was found in the way user calls ioctl that triggers video_usercopy function. The highest threat from this vulnerability is to system availability. • https://bugzilla.suse.com/show_bug.cgi?id=1184120 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899 https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://access.redhat.com/security/cve/CVE-2021-30002 https://bugzilla.redhat.com/show_bug.cgi?id=1946279 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29646 – kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
https://notcve.org/view.php?id=CVE-2021-29646
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. tipc_nl_retrieve_key en net/tipc/node.c no valida correctamente ciertos tamaños de datos, también conocido como CID-0217ed2848e8. A flaw buffer overflow in the Linux kernel TIPC protocol functionality was found in the way user uses protocol with encryption enabled. A local user could use this flaw to crash the system. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0217ed2848e8538bcf9172d97ed2eeb4a26041bb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29647
https://notcve.org/view.php?id=CVE-2021-29647
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. qrtr_recvmsg en net/qrtr/qrtr.c permite a los atacantes obtener información sensible de la memoria del kernel debido a una estructura de datos parcialmente no inicializada, también se conoce como CID-50535249f624. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-909: Missing Initialization of Resource •