CVSS: 4.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-35508 – kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
https://notcve.org/view.php?id=CVE-2020-35508
25 Feb 2021 — A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Se ha encontrado una posibilidad de fallo de condición de carrera y de inicialización incorrecta del id del proceso en el manejo del id del proceso child/parent del kernel de Linux mientras se filtran los manejadore... • https://bugzilla.redhat.com/show_bug.cgi?id=1902724 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-28588
https://notcve.org/view.php?id=CVE-2020-28588
25 Feb 2021 — An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. Se presenta una vulnerabilidad de divulgación de información ... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20177
https://notcve.org/view.php?id=CVE-2021-20177
25 Feb 2021 — A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. Se encontró un fallo en la implementación del kernel de Linux de la coincidencia de cadenas dentro de un paquete. Un usuario privilegiado (con root o función CAP_NET_ADMIN) cuando se insertan las reglas de iptables podría insertar una regla que puede... • https://bugzilla.redhat.com/show_bug.cgi?id=1914719 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35499
https://notcve.org/view.php?id=CVE-2020-35499
19 Feb 2021 — A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. Un fallo de desreferencia del puntero NULL en versiones del kernel anteriores a 5.11, se puede visualizar si la función sco_sock_getsockopt en el a... • https://bugzilla.redhat.com/show_bug.cgi?id=1910048 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-26934
https://notcve.org/view.php?id=CVE-2021-26934
17 Feb 2021 — An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. Se detectó un problema en el kernel de Linux versiones 4.18 hasta 5.10.16, como es usado por Xen. El modo de asignación del backend de los controladores drm_xen_front no estaba destinado a ser una configuración soportada, pero esto no fue declarad... • http://xenbits.xen.org/xsa/advisory-363.html •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26930
https://notcve.org/view.php?id=CVE-2021-26930
17 Feb 2021 — An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing sa... • http://xenbits.xen.org/xsa/advisory-365.html •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12363 – kernel: Improper input validation in some Intel(R) Graphics Drivers
https://notcve.org/view.php?id=CVE-2020-12363
17 Feb 2021 — Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. Una comprobación inapropiada de la entrada en algunos Intel® Graphics Drivers para Windows* versiones anteriores a 26.20.100.7212 y versiones anteriores a 5.5 del kernel de Linux, puede permitir a un usuario privilegiado habilitar potencialmente una denegación de servicio por medio de... • https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12364 – kernel: Null pointer dereference in some Intel(R) Graphics Drivers
https://notcve.org/view.php?id=CVE-2020-12364
17 Feb 2021 — Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. Una referencia de puntero null en algunos Intel® Graphics Drivers para Windows* versiones anteriores a 26.20.100.7212 y la versión 5.5 del kernel de Linux, puede permitir a un usuario privilegiado habilitar potencialmente una denegación de servicio por medio de un acceso local Nu... • https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26931
https://notcve.org/view.php?id=CVE-2021-26931
17 Feb 2021 — An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiba... • http://xenbits.xen.org/xsa/advisory-362.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12362 – kernel: Integer overflow in Intel(R) Graphics Drivers
https://notcve.org/view.php?id=CVE-2020-12362
17 Feb 2021 — Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. Un desbordamiento de enteros en el firmware para algunos Intel® Graphics Drivers para Windows* versiones anteriores a 26.20.100.7212 y versiones anteriores a 5.5 del kernel de Linux, puede permitir a un usuario privilegiado habilitar potencialmente una escalada de priv... • https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html • CWE-190: Integer Overflow or Wraparound •