CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 1CVE-2021-35938 – rpm: races with chown/chmod/capabilities calls during installation
https://notcve.org/view.php?id=CVE-2021-35938
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un problema de enlaces simbólicos en rpm. • https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://bugzilla.suse.com/show_bug.cgi?id=1157880 https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033 https://github.com/rpm-software-management/rpm/pull/1919 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4159
https://notcve.org/view.php?id=CVE-2021-4159
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. Se encontró una vulnerabilidad en el verificador EBPF del kernel de Linux cuando son manejadas estructuras de datos internas. Las ubicaciones de memoria interna podían ser devueltas al espacio de usuario. • https://access.redhat.com/security/cve/CVE-2021-4159 https://bugzilla.redhat.com/show_bug.cgi?id=2036024 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security-tracker.debian.org/tracker/CVE-2021-4159 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 2CVE-2021-4217
https://notcve.org/view.php?id=CVE-2021-4217
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Se ha encontrado un fallo en unzip. La vulnerabilidad es producida debido a un manejo inapropiado de las cadenas Unicode, que puede conllevar a una desreferencia de puntero null. • https://access.redhat.com/security/cve/CVE-2021-4217 https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3714
https://notcve.org/view.php?id=CVE-2021-3714
A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged. Se ha encontrado un fallo en el mecanismo de de duplicación de memoria del kernel de Linux. Trabajos anteriores han demostrado que la de duplicación de memoria puede ser atacada por medio de un mecanismo de explotación local. • https://access.redhat.com/security/cve/CVE-2021-3714 https://arxiv.org/abs/2111.08553 https://arxiv.org/pdf/2111.08553.pdf https://bugzilla.redhat.com/show_bug.cgi?id=1931327 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-2938 – kernel: use-after-free when psi trigger is destroyed while being polled
https://notcve.org/view.php?id=CVE-2022-2938
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. Se ha encontrado un fallo en la implementación del kernel de Linux de la Información de Bloqueo de Presión. Aunque la función está deshabilitada por defecto, podría permitir a un atacante bloquear el sistema o tener otros efectos secundarios de corrupción de memoria. A flaw was found in the Linux kernel’s implementation of Pressure Stall Information. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848 https://security.netapp.com/advisory/ntap-20221223-0002 https://access.redhat.com/security/cve/CVE-2022-2938 https://bugzilla.redhat.com/show_bug.cgi?id=2120175 • CWE-416: Use After Free •