CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 1CVE-2021-3739
https://notcve.org/view.php?id=CVE-2021-3739
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de desreferencia de puntero NULL en la función btrfs_rm_device en el archivo fs/btrfs/volumes.c en el Kernel de Linux, donde el desencadenamiento del bug requiere "CAP_SYS_ADMIN". Este fallo permite a un atacante local bloquear el sistema o filtrar información interna del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1997958 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 https://github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 https://security.netapp.com/advisory/ntap-20220407-0006 https://ubuntu.com/security/CVE-2021-3739 https://www.openwall.com/lists/oss-security/2021/08/25/3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 1CVE-2021-38300
https://notcve.org/view.php?id=CVE-2021-38300
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. arch/mips/net/bpf_jit.c en el kernel de Linux anterior a la versión 5.4.10 puede generar código máquina no deseado al transformar programas cBPF sin privilegios, permitiendo la ejecución de código arbitrario dentro del contexto del kernel. Esto ocurre porque las ramas condicionales pueden superar el límite de 128 KB de la arquitectura MIPS • http://www.openwall.com/lists/oss-security/2021/09/15/5 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20211008-0003 https://www.debian.org/security/2022/dsa-5096 •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 1CVE-2021-3656 – kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
https://notcve.org/view.php?id=CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. Se ha encontrado un fallo en el código AMD de KVM para soportar la virtualización anidada SVM. • https://github.com/rami08448/CVE-2021-3656-Demo https://bugzilla.redhat.com/show_bug.cgi?id=1983988 https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc https://www.openwall.com/lists/oss-security/2021/08/16/1 https://access.redhat.com/security/cve/CVE-2021-3656 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 1CVE-2021-3653 – kernel: SVM nested virtualization issue in KVM (AVIC support)
https://notcve.org/view.php?id=CVE-2021-3653
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. • http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html https://bugzilla.redhat.com/show_bug.cgi?id=1983686 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://www.openwall.com/lists/oss-security/2021/08/16/1 https://access.redhat.com/security/cve/CVE-2021-3653 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3715 – kernel: use-after-free in route4_change() in net/sched/cls_route.c
https://notcve.org/view.php?id=CVE-2021-3715
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo en el clasificador "Routing decision" del subsistema de red Traffic Control del kernel de Linux en la forma en que administra el cambio de los filtros de clasificación, conllevando a una condición de uso de memoria previamente liberada. Este fallo permite a usuarios locales no privilegiados escalar sus privilegios en el sistema. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359 https://access.redhat.com/security/cve/CVE-2021-3715 https://bugzilla.redhat.com/show_bug.cgi?id=1993988 • CWE-416: Use After Free •