CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12362 – kernel: Integer overflow in Intel(R) Graphics Drivers
https://notcve.org/view.php?id=CVE-2020-12362
17 Feb 2021 — Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. Un desbordamiento de enteros en el firmware para algunos Intel® Graphics Drivers para Windows* versiones anteriores a 26.20.100.7212 y versiones anteriores a 5.5 del kernel de Linux, puede permitir a un usuario privilegiado habilitar potencialmente una escalada de priv... • https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26930 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-26930
17 Feb 2021 — An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing sa... • http://xenbits.xen.org/xsa/advisory-365.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26931 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-26931
17 Feb 2021 — An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiba... • http://xenbits.xen.org/xsa/advisory-362.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 2CVE-2021-26708 – kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
https://notcve.org/view.php?id=CVE-2021-26708
05 Feb 2021 — A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Se detectó una escalada de privilegios local en el kernel de Linux versiones anteriores a 5.10.13. Múltiples condiciones de carrera en la implementación de AF_VSOCK son causadas mediante un bloqueo incorrecto e... • https://github.com/azpema/CVE-2021-26708 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20177 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2021-20177
05 Feb 2021 — A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. Se encontró un fallo en la implementación del kernel de Linux de la coincidencia de cadenas dentro de un paquete. Un usuario privilegiado (con root o función CAP_NET_ADMIN) cuando se insertan las reglas de iptables podría insertar una regla que puede... • https://bugzilla.redhat.com/show_bug.cgi?id=1914719 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3348 – kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c
https://notcve.org/view.php?id=CVE-2021-3348
01 Feb 2021 — nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. En la función nbd_add_socket en el archivo drivers/block/nbd.c en el kernel de Linux versiones hasta 5.10.12, presenta un uso de la memoria previamente liberada de ndb_queue_rq que podría ser desencadenado por atacantes locales (con acceso al disp... • http://www.openwall.com/lists/oss-security/2021/02/01/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2021-3347 – kernel: Use after free via PI futex state
https://notcve.org/view.php?id=CVE-2021-3347
29 Jan 2021 — An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. Se detectó un problema en el kernel de Linux versiones hasta 5.10.11. Los futexes de PI presentan un uso de la memoria previamente liberada de la pila del kernel durante el manejo de fallos, permitiendo a usuarios locales ejecutar código en el kernel, también se conoce como CID-34b1a1ce1458 A flaw was ... • https://github.com/nanopathi/linux-4.19.72_CVE-2021-3347 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3178 – Ubuntu Security Notice USN-4910-1
https://notcve.org/view.php?id=CVE-2021-3178
19 Jan 2021 — fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior ** EN DISPUTA ** en el archivo fs/nfsd/nfs3xdr.c en el kernel de Linux versiones hasta 5.10.8, cuando se presenta una exportación NFS de un subdirectorio ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27830 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-27830
15 Jan 2021 — A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash. Se encontró una vulnerabilidad en el kernel de Linux donde, en la función spk_ttyio_receive_buf2(), podría desreferenciar spk_ttyio_synth sin comprobar si es NULL o no, y puede conllevar a un bloqueo deref de NULL-ptr It was discovered that the console keyboard driver in the Linux kernel contained a ... • http://www.openwall.com/lists/oss-security/2020/12/08/1 • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 1CVE-2020-25639 – Ubuntu Security Notice USN-4949-1
https://notcve.org/view.php?id=CVE-2020-25639
15 Jan 2021 — A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Se encontró un fallo de desreferencia del puntero NULL en la funcionalidad del controlador GPU Nouveau del kernel de Linux en versiones anteriores a 5.12-rc1, en la manera en que el usuario llama a ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. Este fallo permite que un usuari... • https://bugzilla.redhat.com/show_bug.cgi?id=1876995 • CWE-476: NULL Pointer Dereference •