CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32078
https://notcve.org/view.php?id=CVE-2021-32078
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. Se ha detectado una lectura fuera de límites en el archivo arch/arm/mach-footbridge/personal-pci.c en el kernel de Linux versiones hasta 5.12.11, debido a una falta de comprobación de un valor que no debería ser negativo, por ejemplo, el acceso al elemento -2 de un array, también se conoce como CID-298a58e165e4 • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f https://kirtikumarar.com/CVE-2021-32078.txt https://security.netapp.com/advisory/ntap-20210813-0002 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-34693
https://notcve.org/view.php?id=CVE-2021-34693
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. El archivo net/can/bcm.c en el kernel de Linux versiones hasta 5.12.10, permite a usuarios locales obtener información confidencial de la memoria de la pila del kernel porque partes de una estructura de datos no están inicializadas • http://www.openwall.com/lists/oss-security/2021/06/15/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T https://ww • CWE-909: Missing Initialization of Resource •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-0129 – kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
https://notcve.org/view.php?id=CVE-2021-0129
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://security.gentoo.org/glsa/202209-16 https://security.netapp.com/advisory/ntap-20210716-0002 https://www.debian.org/security/2021/dsa-4951 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html https://access.redhat.com/security/cve/CVE-2021& • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-33200 – kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
https://notcve.org/view.php?id=CVE-2021-33200
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.12.7, aplica límites incorrectos para operaciones aritméticas de puntero, también se conoce como CID-bb01a1bba579. Esto puede ser abusado para llevar a cabo lecturas y escrituras fuera de límites en la memoria del kernel, conllevando a una escalada local de privilegios a root. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LR3OKKPHIBGOMHN476CMLW2T7UG53QX https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 2CVE-2020-25671
https://notcve.org/view.php?id=CVE-2020-25671
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el Kernel de Linux, donde un filtrado de refcount en la función llcp_sock_connect() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.or • CWE-416: Use After Free •