CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26930 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-26930
17 Feb 2021 — An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing sa... • http://xenbits.xen.org/xsa/advisory-365.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26931 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-26931
17 Feb 2021 — An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiba... • http://xenbits.xen.org/xsa/advisory-362.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 2CVE-2021-26708 – kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
https://notcve.org/view.php?id=CVE-2021-26708
05 Feb 2021 — A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Se detectó una escalada de privilegios local en el kernel de Linux versiones anteriores a 5.10.13. Múltiples condiciones de carrera en la implementación de AF_VSOCK son causadas mediante un bloqueo incorrecto e... • https://github.com/azpema/CVE-2021-26708 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3348 – kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c
https://notcve.org/view.php?id=CVE-2021-3348
01 Feb 2021 — nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. En la función nbd_add_socket en el archivo drivers/block/nbd.c en el kernel de Linux versiones hasta 5.10.12, presenta un uso de la memoria previamente liberada de ndb_queue_rq que podría ser desencadenado por atacantes locales (con acceso al disp... • http://www.openwall.com/lists/oss-security/2021/02/01/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2021-3347 – kernel: Use after free via PI futex state
https://notcve.org/view.php?id=CVE-2021-3347
29 Jan 2021 — An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. Se detectó un problema en el kernel de Linux versiones hasta 5.10.11. Los futexes de PI presentan un uso de la memoria previamente liberada de la pila del kernel durante el manejo de fallos, permitiendo a usuarios locales ejecutar código en el kernel, también se conoce como CID-34b1a1ce1458 A flaw was ... • https://github.com/nanopathi/linux-4.19.72_CVE-2021-3347 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3178 – Ubuntu Security Notice USN-4910-1
https://notcve.org/view.php?id=CVE-2021-3178
19 Jan 2021 — fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior ** EN DISPUTA ** en el archivo fs/nfsd/nfs3xdr.c en el kernel de Linux versiones hasta 5.10.8, cuando se presenta una exportación NFS de un subdirectorio ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-28374 – kernel: SCSI target (LIO) write to any block on ILO backstore
https://notcve.org/view.php?id=CVE-2020-28374
13 Jan 2021 — In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. En el archivo drivers/target/target_core_xcopy.c... • http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-36158 – kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value
https://notcve.org/view.php?id=CVE-2020-36158
05 Jan 2021 — mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. La función mwifiex_cmd_802_11_ad_hoc_start en el archivo drivers/net/wireless/marvell/mwifiex/join.c en el kernel de Linux versiones hasta 5.10.4, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un valor SSID grande, también se conoce como CID-5c455c5ab332 A flaw was fo... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c455c5ab332773464d02ba17015acdca198f03d • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-29569 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-29569
15 Dec 2020 — An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. • https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html • CWE-416: Use After Free •
CVSS: 5.7EPSS: 0%CPEs: 11EXPL: 0CVE-2020-27825 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-27825
11 Dec 2020 — A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. Se encontró un fallo de uso de la memoria previamente liberada en el archivo kernel/trace/ring_buffer.c en el kernel de Linux (anteriores a la versión 5.10-rc1)... • https://bugzilla.redhat.com/show_bug.cgi?id=1905155 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •