CVE-2020-14323 – samba: Unprivileged user can crash winbind
https://notcve.org/view.php?id=CVE-2020-14323
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. Se encontró uno fallo de desreferencia del puntero null en el servicio Winbind de samba en versiones anteriores a 4.11.15, 4.12.9 y 4.13.1. Un usuario local podría utilizar este fallo para bloquear el servicio winbind causando una denegación de servicio A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html https://bugzilla.redhat.com/show_bug.cgi?id=1891685 https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP https://lists.fedoraproject.org/archives/list/package • CWE-170: Improper Null Termination CWE-476: NULL Pointer Dereference •
CVE-2020-27670
https://notcve.org/view.php?id=CVE-2020-27670
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del Sistema Operativo invitado x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque una entrada de la tabla de páginas IOMMU de AMD puede ser actualizada a medias • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html http://www.openwall.com/lists/oss-security/2021/01/19/9 http://xenbits.xen.org/xsa/advisory-347.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2 https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4804 https://xenbits.xen.org/xsa/ • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2020-27671
https://notcve.org/view.php?id=CVE-2020-27671
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios de SO invitado HVM y PVH de x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque la combinación de descargas IOMMU TLB por página no se maneja apropiadamente • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html http://www.openwall.com/lists/oss-security/2021/01/19/8 http://xenbits.xen.org/xsa/advisory-346.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2 https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4804 https://xenbits.xen.org/xsa/ •
CVE-2020-27672
https://notcve.org/view.php?id=CVE-2020-27672
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del SO invitado x86 causar una denegación de servicio del SO host, lograr una corrupción de datos o posiblemente alcanzar privilegios mediante la explotación de una condición de carrera que conlleva a un uso de la memoria previamente liberada involucrando a superpáginas de 2MiB y 1GiB • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html http://www.openwall.com/lists/oss-security/2021/01/19/7 http://xenbits.xen.org/xsa/advisory-345.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2 https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4804 https://xenbits.xen.org/xsa/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2020-27673
https://notcve.org/view.php?id=CVE-2020-27673
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. Los usuarios del Sistema Operativo invitado pueden causar una denegación de servicio (suspensión del Sistema Operativo host) por medio de una alta tasa de eventos en dom0, también se conoce como CID-e99502f76271 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html http://www.openwall.com/lists/oss-security/2021/01/19/6 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070 https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announ •