CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 1CVE-2020-25639
https://notcve.org/view.php?id=CVE-2020-25639
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Se encontró un fallo de desreferencia del puntero NULL en la funcionalidad del controlador GPU Nouveau del kernel de Linux en versiones anteriores a 5.12-rc1, en la manera en que el usuario llama a ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. Este fallo permite que un usuario local bloquee el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=1876995 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HE4CT3NL6OEBRRBUKHIX63GLNVOWCVRW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUCBCKRHWP3UD2AVVYQJE7BIJEMCMXW5 • CWE-476: NULL Pointer Dereference •
CVSS: 4.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-35508 – kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
https://notcve.org/view.php?id=CVE-2020-35508
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Se ha encontrado una posibilidad de fallo de condición de carrera y de inicialización incorrecta del id del proceso en el manejo del id del proceso child/parent del kernel de Linux mientras se filtran los manejadores de señales. Un atacante local es capaz de abusar de este fallo para omitir unas comprobaciones y enviar cualquier señal a un proceso privilegiado. A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. • https://bugzilla.redhat.com/show_bug.cgi?id=1902724 https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948 https://security.netapp.com/advisory/ntap-20210513-0006 https://access.redhat.com/security/cve/CVE-2020-35508 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27830
https://notcve.org/view.php?id=CVE-2020-27830
A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash. Se encontró una vulnerabilidad en el kernel de Linux donde, en la función spk_ttyio_receive_buf2(), podría desreferenciar spk_ttyio_synth sin comprobar si es NULL o no, y puede conllevar a un bloqueo deref de NULL-ptr • http://www.openwall.com/lists/oss-security/2020/12/08/1 http://www.openwall.com/lists/oss-security/2020/12/08/4 https://bugzilla.redhat.com/show_bug.cgi?id=1919900 https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://security.netapp.com/advisory/ntap-20210625-0004 https://www.debian.org/security/2021/dsa-4843 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-28588
https://notcve.org/view.php?id=CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad /proc/pid/syscall de Linux Kernel versiones 5.1 Stable y 5.4.66. Más específicamente, este problema ha sido introducido en la versión v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) y todavía está presente en la versión v5.10-rc4, por lo que es probable que todas las versiones intermedias estén afectadas. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-26934
https://notcve.org/view.php?id=CVE-2021-26934
An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. Se detectó un problema en el kernel de Linux versiones 4.18 hasta 5.10.16, como es usado por Xen. El modo de asignación del backend de los controladores drm_xen_front no estaba destinado a ser una configuración soportada, pero esto no fue declarado por consiguiente en su entrada de estado de soporte • http://xenbits.xen.org/xsa/advisory-363.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP https://security.netapp.com/advisory/ntap-20210326-0001 •