CVE-2021-23133 – Linux Kernel sctp_destroy_sock race condition
https://notcve.org/view.php?id=CVE-2021-23133
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. Una condición de carrera en los sockets SCTP del kernel de Linux (el archivo net/sctp/socket.c) versiones anteriores a 5.12-rc8, puede conllevar a una escalada de privilegios del kernel desde el contexto de un servicio de red o un proceso no privilegiado. Si la función sctp_destroy_sock es llamado sin sock_net (sk) -) sctp.addr_wq_lock, un elemento es eliminado de la lista auto_asconf_splist sin ningún bloqueo apropiado. • http://www.openwall.com/lists/oss-security/2021/05/10/1 http://www.openwall.com/lists/oss-security/2021/05/10/2 http://www.openwall.com/lists/oss-security/2021/05/10/3 http://www.openwall.com/lists/oss-security/2021/05/10/4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg000 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-3506
https://notcve.org/view.php?id=CVE-2021-3506
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se encontró un fallo de acceso a la memoria fuera de límites (OOB) en el archivo fs/f2fs/node.c en el módulo f2fs en el kernel de Linux en versiones anteriores a 5.12.0-rc4. Un fallo en la comprobación de límites permite a un atacante local conseguir acceso a la memoria fuera de límites, conllevando a un bloqueo del sistema o una fuga de información interna del kernel. • http://www.openwall.com/lists/oss-security/2021/05/08/1 https://bugzilla.redhat.com/show_bug.cgi?id=1944298 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://security.netapp.com/advisory/ntap-20210611-0007 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2520013.html https://www.openwall.com/lists/oss-security/2021/03/28/2 • CWE-125: Out-of-bounds Read •
CVE-2021-28971 – kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c
https://notcve.org/view.php?id=CVE-2021-28971
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. En la función intel_pmu_drain_pebs_nhm en el archivo arch/x86/events/intel/ds.c en el kernel de Linux versiones hasta 5.11.8 en algunas CPU Haswell, las aplicaciones de espacio de usuario (como perf-fuzzer) pueden causar un bloqueo del sistema porque el estado de PEBS en un registro de PEBS es manejado inapropiadamente, también se conoce como CID-d88d05a9e0b6 A flaw was found in the Linux kernel. On some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ https://lists.fedoraproject.org& • CWE-476: NULL Pointer Dereference CWE-755: Improper Handling of Exceptional Conditions •
CVE-2021-28972
https://notcve.org/view.php?id=CVE-2021-28972
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. En el archivo drivers/pci/hotplug/rpadlpar_sysfs.c en el kernel de Linux versiones hasta 5.11.8, el controlador RPA PCI Hotplug, presenta un desbordamiento de búfer tolerable por el usuario al escribir un nuevo nombre de dispositivo en el controlador desde el espacio de usuario, permitiendo al espacio de usuario escribir datos en el trama de la pila de kernel directamente. Esto ocurre porque add_slot_store y remove_slot_store maneja inapropiadamente la terminación drc_name "\0", también se conoce como CID-cc7a0bb058b8 • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc7a0bb058b85ea03db87169c60c7cfdd5d34678 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG https://security.netapp.com/advisory/ntap-20210430-0003 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-28964
https://notcve.org/view.php?id=CVE-2021-28964
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. Se detectó una condición de carrera en la función get_old_root en el archivo fs/btrfs/ctree.c en el kernel de Linux versiones hasta 5.11.8. Permite a atacantes causar una denegación de servicio (BUG) debido a una falta de bloqueo en un búfer de extensión antes de una operación de clonación, también se conoce como CID-dbcc7d57bffc • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbcc7d57bffc0c8cac9dac11bec548597d59a6a5 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ https://lists.fedoraproject.org& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •