CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 1CVE-2020-10942 – kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
https://notcve.org/view.php?id=CVE-2020-10942
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. En el kernel de Linux versiones anteriores a 5.5.8, la función get_raw_socket en el archivo drivers/vhost/net.c carece de una comprobación de un campo sk_family, que podría permitir a atacantes desencadenar una corrupción de pila del kernel por medio de llamadas de sistema diseñadas. A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ictol(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the '/dev/vhost-net' device may use this flaw to crash the kernel resulting in DoS issue. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html http://www.openwall.com/lists/oss-security/2020/04/15/4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8 https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lkml.org/lkm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2020-9383 – kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2020-9383
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. Se detectó un problema en el kernel de Linux versión 3.16 hasta la versión 5.5.6. La función set_fdc en el archivo drivers/block/floppy.c, conlleva a una lectura fuera de límites de wait_til_ready porque el índice FDC no es comprobado para errores antes de asignarlos, también se conoce como CID-2e90ca68b0d2 An out-of-bounds (OOB) memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap& • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0699
https://notcve.org/view.php?id=CVE-2011-0699
Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value. Un error en la propiedad signedness de enteros en la función btrfs_ioctl_space_info en el kernel de Linux versión 2.6.37, permite a usuarios locales causar una denegación de servicio (desbordamiento de búfer basado en la región heap de la memoria) o posiblemente tener otro impacto no especificado por medio de un valor de slot diseñado. • http://marc.info/?l=linux-kernel&m=129726078708425&w=2 http://marc.info/?l=oss-security&m=129726743519620&w=2 http://vulnfactory.org/vulns https://github.com/BlankOn/linux-debian/blob/master/debian/changelog.BlankOn • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2011-4915
https://notcve.org/view.php?id=CVE-2011-4915
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. El archivo fs/proc/base.c en el kernel de Linux versiones hasta 3.1, permite a usuarios locales obtener información confidencial de pulsaciones de teclas por medio del acceso a /proc/interrupts. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2ef990ab5a6705a356d146dd773a3b359787497 http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4915.html http://www.openwall.com/lists/oss-security/2011/11/07/9 https://lkml.org/lkml/2011/11/7/340 https://seclists.org/oss-sec/2011/q4/571 https://security-tracker.debian.org/tracker/CVE- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8992
https://notcve.org/view.php?id=CVE-2020-8992
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. La función ext4_protect_reserved_inode en el archivo fs/ext4/block_validity.c en el kernel de Linux versiones hasta 5.5.3, permite a atacantes causar una denegación de servicio (soft lockup) por medio de un journal size diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://patchwork.ozlabs.org/patch/1236118 https://security.netapp.com/advisory/ntap-20200313-0003 https://usn.ubuntu.com/4318-1 https://usn.ubuntu.com/4324-1 https://usn.ubuntu.com/4342-1 https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4419-1 • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •