CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-31829 – kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
https://notcve.org/view.php?id=CVE-2021-31829
06 May 2021 — kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.12.1, lleva a cabo cargas especulativa... • http://www.openwall.com/lists/oss-security/2021/05/04/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-3501 – kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
https://notcve.org/view.php?id=CVE-2021-3501
05 May 2021 — A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.12. El valor de internal.ndata, en la API de KVM, es asignado a un índice de matriz, que puede ser actualizado por un... • https://bugzilla.redhat.com/show_bug.cgi?id=1950136 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 30EXPL: 1CVE-2021-23133 – Linux Kernel sctp_destroy_sock race condition
https://notcve.org/view.php?id=CVE-2021-23133
22 Apr 2021 — A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SO... • http://www.openwall.com/lists/oss-security/2021/05/10/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-29155 – kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
https://notcve.org/view.php?id=CVE-2021-29155
20 Apr 2021 — An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. Se detectó un problema en el kernel de Linux version... • https://github.com/benschlueter/CVE-2021-29155 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3506 – Ubuntu Security Notice USN-5016-1
https://notcve.org/view.php?id=CVE-2021-3506
19 Apr 2021 — An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se encontró un fallo de acceso a la memoria fuera de límites (OOB) en el archivo fs/f2fs/node.c en el módulo f2fs en el kernel de Linux en versiones... • http://www.openwall.com/lists/oss-security/2021/05/08/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 3CVE-2020-25670 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2020-25670
19 Apr 2021 — A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el kernel de Linux donde un filtrado de refcount en la función llcp_sock_bind() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 2CVE-2020-25671 – Ubuntu Security Notice USN-5343-1
https://notcve.org/view.php?id=CVE-2020-25671
19 Apr 2021 — A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el Kernel de Linux, donde un filtrado de refcount en la función llcp_sock_connect() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulne... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3483 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2021-3483
19 Apr 2021 — A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected Se encontró una fallo en el controlador Nosy en el kernel de Linux. Este problema permite a un dispositivo ser insertado dos veces en una lista doblemente ... • http://www.openwall.com/lists/oss-security/2021/04/07/1 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36322 – kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations
https://notcve.org/view.php?id=CVE-2020-36322
14 Apr 2021 — An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. Se detectó un problema en la implementación del sistema de archivos FUSE en el kernel de Linux versiones anteriores a 510.6, también se conoce como CID-5d069dbe8aaf. La función fu... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6 • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3428 – kernel: integer overflow in ext4_es_cache_extent
https://notcve.org/view.php?id=CVE-2021-3428
10 Apr 2021 — A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. Se ha encontrado un fallo en el kernel de Linux. Es identificado un problema de denegación de servicio si es corrompido un árbol de extensiones en un sistema de archivos e... • https://bugzilla.redhat.com/show_bug.cgi?id=1972621 • CWE-190: Integer Overflow or Wraparound •