CVE-2021-20316 – samba: Symlink race error can allow metadata read and modify outside of the exported share
https://notcve.org/view.php?id=CVE-2021-20316
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. Se ha encontrado un fallo en la forma en que Samba maneja los metadatos de los archivos/directorios. Este fallo permite a un atacante autenticado con permisos para leer o modificar los metadatos del recurso compartido, llevar a cabo esta operación fuera del recurso compartido. • https://access.redhat.com/security/cve/CVE-2021-20316 https://bugzilla.redhat.com/show_bug.cgi?id=2009673 https://bugzilla.samba.org/show_bug.cgi?id=14842 https://security-tracker.debian.org/tracker/CVE-2021-20316 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2021-20316.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-3975 – libvirt: segmentation fault during VM shutdown can lead to vdsm hang
https://notcve.org/view.php?id=CVE-2021-3975
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. Se ha encontrado un fallo de uso de memoria previamente liberada en libvirt. • https://access.redhat.com/security/cve/CVE-2021-3975 https://bugzilla.redhat.com/show_bug.cgi?id=2024326 https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.netapp.com/advisory/ntap-20221201-0002 https://ubuntu.com/security/CVE-2021-3975 • CWE-416: Use After Free •
CVE-2022-1227 – psgo: Privilege escalation in 'podman top'
https://notcve.org/view.php?id=CVE-2022-1227
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. Se ha encontrado un fallo de escalada de privilegios en Podman. • https://bugzilla.redhat.com/show_bug.cgi?id=2070368 https://github.com/containers/podman/issues/10941 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://security.netapp.com/advisory/ntap-20240628-0001 https://access.redhat.com/security/cve/CVE-2022-1227 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions •
CVE-2022-27649 – podman: Default inheritable capabilities for linux container should be empty
https://notcve.org/view.php?id=CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. Se ha encontrado un fallo en Podman, donde los contenedores eran iniciados incorrectamente con permisos por defecto no vacíos. Se ha encontrado una vulnerabilidad en Moby (Docker Engine), donde los contenedores eran iniciados incorrectamente con capacidades de proceso Linux heredables no vacías. • https://bugzilla.redhat.com/show_bug.cgi?id=2066568 https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-276: Incorrect Default Permissions •
CVE-2022-1011 – kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
https://notcve.org/view.php?id=CVE-2022-1011
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Se ha encontrado un fallo de uso después de libre en el sistema de archivos FUSE del kernel de Linux en la forma en que un usuario activa write(). Este defecto permite a un usuario local obtener acceso no autorizado a los datos del sistema de archivos FUSE, lo que resulta en una escalada de privilegios Linux suffers from a vulnerability where FUSE allows use-after-free reads of write() buffers, allowing theft of (partial) /etc/shadow hashes. • https://github.com/xkaneiki/CVE-2022-1011 https://bugzilla.redhat.com/show_bug.cgi?id=2064855 https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://www.debian.org/security/2022/dsa-5173 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-1011 • CWE-416: Use After Free •