CVE-2021-23134 – Linux kernel llcp_sock_bind/connect use-after-free
https://notcve.org/view.php?id=CVE-2021-23134
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. Una vulnerabilidad de uso de la memoria previamente liberada en nfc sockets en el Kernel de Linux versiones anteriores a 5.12.4 permite a atacantes locales escalar sus privilegios. En configuraciones típicas, el problema solo puede ser desencadenado por un usuario local privilegiado con la capacidad CAP_NET_RAW • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77 https://security.netapp.com/advisory/ntap-20210625 • CWE-416: Use After Free •
CVE-2020-25670
https://notcve.org/view.php?id=CVE-2020-25670
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el kernel de Linux donde un filtrado de refcount en la función llcp_sock_bind() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 http://www.openwall.com/lists/oss-security/2021/05/11/4 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://li • CWE-416: Use After Free •
CVE-2021-3483
https://notcve.org/view.php?id=CVE-2021-3483
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected Se encontró una fallo en el controlador Nosy en el kernel de Linux. Este problema permite a un dispositivo ser insertado dos veces en una lista doblemente enlazada, conllevando a un uso de la memoria previamente liberada cuando uno de estos dispositivos es eliminado. • http://www.openwall.com/lists/oss-security/2021/04/07/1 https://bugzilla.redhat.com/show_bug.cgi?id=1948045 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://security.netapp.com/advisory/ntap-20210629-0002 • CWE-416: Use After Free •
CVE-2021-20292
https://notcve.org/view.php?id=CVE-2021-20292
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Se presenta un fallo reportado en el kernel de Linux en versiones anteriores a 5.9, en el archivo drivers/gpu/drm/nouveau/nouveau_sgdma.c en la función nouveau_sgdma_create_ttm en el subsistema Nouveau DRM. El problema es debido a una falta de comprobación de la existencia de un objeto antes de llevar a cabo operaciones en el objeto. • https://bugzilla.redhat.com/show_bug.cgi?id=1939686 https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html • CWE-416: Use After Free •
CVE-2020-26147 – kernel: reassembling mixed encrypted/plaintext fragments
https://notcve.org/view.php?id=CVE-2020-26147
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Se detectó un problema en el kernel de Linux versión 5.8.9. Las implementaciones de WEP, WPA, WPA2 y WPA3 reensamblan fragmentos aunque algunos de ellos se enviaron en texto plano. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https://www.arista.com/en/support/advisories-notices/security-advisories/12602-s • CWE-307: Improper Restriction of Excessive Authentication Attempts •