CVSS: 8.1EPSS: 0%CPEs: 40EXPL: 2CVE-2021-22901 – curl: Use-after-free in TLS session handling when using OpenSSL TLS backend
https://notcve.org/view.php?id=CVE-2021-22901
26 May 2021 — curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the conne... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 1CVE-2021-33574 – glibc: mq_notify does not handle separately allocated thread attributes
https://notcve.org/view.php?id=CVE-2021-33574
25 May 2021 — The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. La función mq_notify de la Biblioteca C de GNU (también conocida como glibc) versiones 2.32 y 2.33 tiene un use-after-free. Puede utilizar el objeto de atributos del hilo de notificac... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 1CVE-2019-25044
https://notcve.org/view.php?id=CVE-2019-25044
14 May 2021 — The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. El block subsystem en el kernel de Linux versiones anteriores a 5.2 presenta un uso de la memoria previamente liberada que puede conllevar a una ejecución de código arbitrario en el contexto del kernel y una escalada de privilegios, también se conoce como CID-c3e2219216... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 19EXPL: 2CVE-2021-32399 – kernel: race condition for removal of the HCI controller
https://notcve.org/view.php?id=CVE-2021-32399
10 May 2021 — net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. El archivo net/bluetooth/hci_request.c en el kernel de Linux versiones hasta 5.12.2, presenta una condición de carrera para la eliminación del controlador HCI A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation.... • https://github.com/nanopathi/linux-4.19.72_CVE-2021-32399 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-3501 – kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
https://notcve.org/view.php?id=CVE-2021-3501
05 May 2021 — A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.12. El valor de internal.ndata, en la API de KVM, es asignado a un índice de matriz, que puede ser actualizado por un... • https://bugzilla.redhat.com/show_bug.cgi?id=1950136 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-31440 – Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-31440
03 May 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary c... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36 • CWE-682: Incorrect Calculation •
CVSS: 7.0EPSS: 0%CPEs: 30EXPL: 1CVE-2021-23133 – Linux Kernel sctp_destroy_sock race condition
https://notcve.org/view.php?id=CVE-2021-23133
22 Apr 2021 — A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SO... • http://www.openwall.com/lists/oss-security/2021/05/10/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3506 – Ubuntu Security Notice USN-5016-1
https://notcve.org/view.php?id=CVE-2021-3506
19 Apr 2021 — An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se encontró un fallo de acceso a la memoria fuera de límites (OOB) en el archivo fs/f2fs/node.c en el módulo f2fs en el kernel de Linux en versiones... • http://www.openwall.com/lists/oss-security/2021/05/08/1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 2CVE-2020-25673 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2020-25673
19 Apr 2021 — A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Se encontró una vulnerabilidad en el kernel de Linux en la que el socket non-blocking en la función llcp_sock_connect() conduce a un filtrado de información y eventualmente bloquea el sistema Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could us... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 3CVE-2020-25670 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2020-25670
19 Apr 2021 — A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el kernel de Linux donde un filtrado de refcount en la función llcp_sock_bind() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •