CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3506
https://notcve.org/view.php?id=CVE-2021-3506
19 Apr 2021 — An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se encontró un fallo de acceso a la memoria fuera de límites (OOB) en el archivo fs/f2fs/node.c en el módulo f2fs en el kernel de Linux en versiones... • http://www.openwall.com/lists/oss-security/2021/05/08/1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36322 – kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations
https://notcve.org/view.php?id=CVE-2020-36322
14 Apr 2021 — An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. Se detectó un problema en la implementación del sistema de archivos FUSE en el kernel de Linux versiones anteriores a 510.6, también se conoce como CID-5d069dbe8aaf. La función fu... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6 • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-29154 – kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
https://notcve.org/view.php?id=CVE-2021-29154
08 Apr 2021 — BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. Los compiladores BPF JIT en el kernel de Linux hasta la versión 5.11.12 tienen un cálculo incorrecto de los desplazamientos de rama, lo que les permite ejecutar código arbitrario dentro del contexto del kernel. Esto afecta a arch/x86/net/bpf_jit_comp.c y arch/x86... • http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-36310
https://notcve.org/view.php?id=CVE-2020-36310
06 Apr 2021 — An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. Se detectó un problema en el kernel de Linux versiones anteriores a 5.8. El archivo arch/x86/kvm/svm/svm.c permite un bucle infinito en la función set_memory_region_test para determinados fallos de página anidadas, también se conoce como CID-e72436bc3a52 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-30178
https://notcve.org/view.php?id=CVE-2021-30178
06 Apr 2021 — An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. Se detectó un problema en el kernel de Linux versiones hasta 5.11.11. La función synic_get en el archivo arch/x86/kvm/hyperv.c presenta una desreferencia de puntero NULL para determinados accesos en el contexto SynIC Hyper-V, también se conoce como CID-919f4ebc5987 • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36311
https://notcve.org/view.php?id=CVE-2020-36311
06 Apr 2021 — An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. Se detectó un problema en el kernel de Linux versiones anteriores a 5.9. El archivo arch/x86/kvm/svm/sev.c permite a atacantes causar una denegación de servicio (bloqueo suave) al desencadenar la destrucción de una SEV VM grande (que requiere anul... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36312 – kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c
https://notcve.org/view.php?id=CVE-2020-36312
06 Apr 2021 — An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.8.10. El archivo virt/kvm/kvm_main.c presenta una filtración de la memoria en la función kvm_io_bus_unregister_dev tras un fallo de kmalloc, también se conoce como CID-f65886606c2d A flaw was found in the KVM hypervisor of the Linux kernel. A memory leak could occur i... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36313
https://notcve.org/view.php?id=CVE-2020-36313
06 Apr 2021 — An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.7. El subsistema KVM permite el acceso fuera de rango a memslots después de una eliminación, también se conoce como CID-0774a964ef56. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28688
https://notcve.org/view.php?id=CVE-2021-28688
06 Apr 2021 — The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html • CWE-665: Improper Initialization •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30002 – kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
https://notcve.org/view.php?id=CVE-2021-30002
02 Apr 2021 — An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.3, cuando se presenta un dispositivo webcam. video_usercopy en el archivo drivers/media/v4l2-core/v4l2-ioctl.c, presenta una pérdida de memoria para argumentos grandes, también se conoce como CID-fb18802a338b. A flaw memory leak in... • https://bugzilla.suse.com/show_bug.cgi?id=1184120 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •