CVE-2020-36557 – kernel: race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys, causing a use-after-free in con_shutdown().
https://notcve.org/view.php?id=CVE-2020-36557
A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. Una condición de carrera en el kernel de Linux versiones anteriores a 5.6.2 entre el ioctl VT_DISALLOCATE y el cierre/apertura de ttys podría conllevar a un uso de memoria previamente liberada A use-after-free flaw was found in the Linux kernel’s Virtual Terminal subsystem in how a user calls the VT_DISALLOCATE ioctl during the closing/opening of ttys. This flaw allows a local user to crash the system. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220 https://access.redhat.com/security/cve/CVE-2020-36557 https://bugzilla.redhat.com/show_bug.cgi?id=2112688 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2020-36558 – kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-36558
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. Una condición de carrera en el kernel de Linux versiones anteriores a 5.5.7, involucrando a VT_RESIZEX podría conllevar a una desviación del puntero NULL y un fallo de protección general A NULL pointer dereference flaw was found in the Linux kernel’s Virtual Terminal subsystem was found in how a user calls the VT_RESIZEX ioctl. This flaw allows a local user to crash the system. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb https://access.redhat.com/security/cve/CVE-2020-36558 https://bugzilla.redhat.com/show_bug.cgi?id=2112693 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVE-2021-33655 – kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory
https://notcve.org/view.php?id=CVE-2021-33655
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. Cuando son enviados datos maliciosos al kernel mediante ioctl cmd FBIOPUT_VSCREENINFO, el kernel escribirá memoria fuera de límites An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/07/19/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://www.debian.org/security/2022/dsa-5191 https://access.redhat.com/security/cve/CVE-2021-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2108691 • CWE-787: Out-of-bounds Write •
CVE-2021-33656 – kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds
https://notcve.org/view.php?id=CVE-2021-33656
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. Cuando es establecida la fuente con datos maliciosos por ioctl cmd PIO_FONT, el kernel escribirá memoria fuera de límites An out-of-bounds write flaw was found in the Linux kernel’s console driver functionality in the way a user triggers the ioctl PIO_FONT with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/07/19/3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel https://access.redhat.com/security/cve/CVE-2021-33656 https://bugzilla.redhat.com/show_bug.cgi?id=2108696 • CWE-787: Out-of-bounds Write •
CVE-2022-2380
https://notcve.org/view.php?id=CVE-2022-2380
The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel. En el kernel de Linux se encontró un acceso a memoria vulnerable fuera de límites en la función drivers/video/fbdev/sm712fb.c:smtcfb_read(). La vulnerabilidad podría resultar en que atacantes locales pudieran bloquear el kernel • https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?h=for-next&id=bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •