CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3682 – QEMU: usbredir: free() call on invalid pointer in bufp_alloc()
https://notcve.org/view.php?id=CVE-2021-3682
05 Aug 2021 — A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. Se ha encontrado un fallo en la emulación del dispositivo redirector USB de QEMU en versiones... • https://bugzilla.redhat.com/show_bug.cgi?id=1989651 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3611 – QEMU: intel-hda: segmentation fault due to stack overflow
https://notcve.org/view.php?id=CVE-2021-3611
21 Jul 2021 — A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. Se encontró una vulnerabilidad de desbordamiento de pila en el dispositivo Intel HD Audio (intel-hda) de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1973784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 1CVE-2021-3573 – kernel: use-after-free in function hci_sock_bound_ioctl()
https://notcve.org/view.php?id=CVE-2021-3573
13 Jul 2021 — A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. Se detec... • http://www.openwall.com/lists/oss-security/2023/07/02/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-3612 – kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
https://notcve.org/view.php?id=CVE-2021-3612
09 Jul 2021 — An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escritura en memoria fuera de límites en el kernel de Linux joystick devices subsystem en versiones ant... • https://bugzilla.redhat.com/show_bug.cgi?id=1974079 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3571 – linuxptp: wrong length of one-step follow-up in transparent clock
https://notcve.org/view.php?id=CVE-2021-3571
09 Jul 2021 — A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. Se ha encontrado un fallo en el programa ptp4l del paquete linuxptp. • https://bugzilla.redhat.com/show_bug.cgi?id=1966241 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2021-3570 – linuxptp: missing length check of forwarded messages
https://notcve.org/view.php?id=CVE-2021-3570
06 Jul 2021 — A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. Se ha encontrado un fallo en ... • https://bugzilla.redhat.com/show_bug.cgi?id=1966240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3598 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3598
25 Jun 2021 — There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Se presenta un fallo en la funcionalidad ImfDeepScanLineInputFile de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura ... • https://bugzilla.redhat.com/show_bug.cgi?id=1970987 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2021-3600 – kernel: eBPF 32-bit source register truncation on div/mod
https://notcve.org/view.php?id=CVE-2021-3600
23 Jun 2021 — It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. Se descubrió que la implementación de eBPF en el kernel de Linux no rastreaba adecuadamente la información de límites para registros de 32 bits al realizar operaciones div y mod. Un atacante local podría usar esto para posiblemente ejecutar código arbitrario. A flaw was fou... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 68EXPL: 1CVE-2021-3609 – kernel: race condition in net/can/bcm.c leads to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-3609
23 Jun 2021 — .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Se ha encontrado un fallo en el protocolo de red CAN BCM en el kernel de Linux, donde un atacante local puede abusar de un fallo en el subsistema CAN para corromper la memoria, bloquear el sistema o escalar privil... • https://bugzilla.redhat.com/show_bug.cgi?id=1971651 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3605 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-3605
22 Jun 2021 — There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Se presenta un fallo en la funcionalidad rleUncompress de OpenEXR en versiones anteriores a 3.0.5. Un atacante que sea capaz de enviar un archivo diseñado a una aplicación enlazada con OpenEXR podría causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1970991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •