CVSS: 8.3EPSS: 0%CPEs: 26EXPL: 13CVE-2021-22555 – Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
https://notcve.org/view.php?id=CVE-2021-22555
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space En el archivo net/netfilter/x_tables.c se ha detectado una escritura fuera de límites en la pila que afecta a Linux desde la versión 2.6.19-rc1. Esto permite a un atacante alcanzar privilegios o causar una denegación de servicio (por medio de corrupción de la memoria de la pila) mediante el espacio de nombres de usuario A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. • https://www.exploit-db.com/exploits/50135 https://github.com/xyjl-ly/CVE-2021-22555-Exploit https://github.com/veritas501/CVE-2021-22555-PipeVersion https://github.com/pashayogi/CVE-2021-22555 https://github.com/tukru/CVE-2021-22555 https://github.com/letsr00t/CVE-2021-22555 https://github.com/letsr00t/-2021-LOCALROOT-CVE-2021-22555 https://github.com/daletoniris/CVE-2021-22555-esc-priv http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.h • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-35039
https://notcve.org/view.php?id=CVE-2021-35039
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. El archivo kernel/module.c en el kernel de Linux versiones anteriores a 5.12.14, maneja inapropiadamente la Verificación de firmas, también se conoce como CID-0c18f29aae7c. Sin CONFIG_MODULE_SIG, la verificación de que un módulo del kernel está firmado, para cargar por medio de la función init_module, no ocurre para un argumento module.sig_enforce=1 en la línea de comandos • http://www.openwall.com/lists/oss-security/2021/07/06/3 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0c18f29aae7ce3dadd26d8ee3505d07cc982df75 https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://security.netapp.com/advisory/ntap-20210813-0004 https://www.openwall.com/lists/oss-security/2021/07/ • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-28691
https://notcve.org/view.php?id=CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. Un uso de memoria previamente liberada desencadenado por el usuario en Linux xen-netback. Un frontend de red PV malicioso o con errores puede forzar a Linux netback a deshabilitar la interfaz y terminar el hilo del kernel de recepción asociado a la cola 0 en respuesta al envío de un paquete malformado por parte del frontend. Esta terminación del hilo del kernel conllevará un uso de memoria previamente liberada en Linux netback cuando es destruído el backend, ya que el hilo del kernel asociado a la cola 0 ya habrá salido y, por tanto, la llamada a la función kthread_stop se llevará a cabo contra un puntero obsoleto • https://security.gentoo.org/glsa/202107-30 https://security.netapp.com/advisory/ntap-20210805-0002 https://xenbits.xenproject.org/xsa/advisory-374.txt • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 1CVE-2020-28097
https://notcve.org/view.php?id=CVE-2020-28097
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. El subsistema vgacon en el kernel de Linux versiones anteriores a 5.8.10, maneja inapropiadamente el desplazamiento de software. Se presenta una lectura fuera de límites en la función vgacon_scrolldelta, también se conoce como CID-973c096f6a85 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=973c096f6a85e5b5f2a295126ba6928d9a6afd45 https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45 https://seclists.org/oss-sec/2020/q3/176 https://security.netapp.com/advisory/ntap-20210805-0001 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2021-3600 – kernel: eBPF 32-bit source register truncation on div/mod
https://notcve.org/view.php?id=CVE-2021-3600
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. Se descubrió que la implementación de eBPF en el kernel de Linux no rastreaba adecuadamente la información de límites para registros de 32 bits al realizar operaciones div y mod. Un atacante local podría usar esto para posiblemente ejecutar código arbitrario. A flaw was found in the Linux kernel’s eBPF verification code, where the eBPF 32-bit div/mod source register truncation could lead to out-of-bounds reads and writes. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 https://ubuntu.com/security/notices/USN-5003-1 https://access.redhat.com/security/cve/CVE-2021-3600 https://bugzilla.redhat.com/show_bug.cgi?id=1981954 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •