CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-3501 – kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
https://notcve.org/view.php?id=CVE-2021-3501
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.12. El valor de internal.ndata, en la API de KVM, es asignado a un índice de matriz, que puede ser actualizado por un proceso de usuario en cualquier momento, lo que podría conllevar a una escritura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1950136 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a https://security.netapp.com/advisory/ntap-20210618-0008 https://access.redhat.com/security/cve/CVE-2021-3501 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2020-10711 – Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
https://notcve.org/view.php?id=CVE-2020-10711
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4411-1 https://usn.ubuntu.com/4412-1 https://usn.ubuntu.com/4413-1 https://usn.ubuntu.com/4414-1 https://usn.ubuntu& • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-14821 – Kernel: KVM: OOB memory access via mmio ring buffer
https://notcve.org/view.php?id=CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. Se encontró un problema de acceso fuera de límites en el kernel de Linux, todas las versiones hasta 5.3, en la manera en que el hipervisor KVM del kernel de Linux implementa la operación de escritura MMIO Coalesced. Opera en un objeto MMIO ring buffer "struct kvm_coalesced_mmio", en donde los índices de escritura "ring-)first" y "ring-)last" podrían ser suministrados por un proceso de espacio de usuario del host. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/09/20/1 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517&# • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 1CVE-2019-14835 – kernel: vhost-net: guest to host kernel escape during migration
https://notcve.org/view.php?id=CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Se encontró un fallo de desbordamiento de búfer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost del kernel de Linux que traduce los búferes virtueue en IOV, registraba los descriptores del búfer durante una migración. Un usuario invitado privilegiado capaz de pasar descriptores con una longitud no válida hacia el host cuando la migración está en marcha, podría usar este fallo para aumentar sus privilegios sobre el host. A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 26EXPL: 1CVE-2019-1125 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM. • https://www.exploit-db.com/exploits/48071 http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHBA-2019:3248 https://access.redhat.com/errata/RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2695 https://access.redhat.com/errata/RHS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •