CVE-2020-36387
https://notcve.org/view.php?id=CVE-2020-36387
An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.8.2. El archivo fs/io_uring.c presenta un uso de la memoria previamente liberada relacionado con la función io_async_task_func y la retención de referencias ctx, también conocido como CID-6d816e088c35 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe https://security.netapp.com/advisory/ntap-20210727-0006 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-io_async_task_func https://syzkaller.appspot.com/bug?id=ce5f07d6ec3b5050b8f0728a3b389aa510f2591b • CWE-416: Use After Free •
CVE-2020-36385 – kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free
https://notcve.org/view.php?id=CVE-2020-36385
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.10. El archivo drivers/infiniband/core/ucma.c, presenta un uso de la memoria previamente liberada porque el ctx es alcanzado por medio de la función ctx_list en algunas situaciones donde la función ucma_migrate_id en que la función ucma_close, es llamada también se conoce como CID-f5449e74802c An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1 https://security.netapp.com/advisory/ntap-20210720-0004 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2 https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6 https://www.starwindsoftware.com/security/sw-20220802-0002 https://access.redhat.com/security/cve/CVE-2020-36385 • CWE-416: Use After Free •
CVE-2021-3428 – kernel: integer overflow in ext4_es_cache_extent
https://notcve.org/view.php?id=CVE-2021-3428
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. Se ha encontrado un fallo en el kernel de Linux. Es identificado un problema de denegación de servicio si es corrompido un árbol de extensiones en un sistema de archivos ext4 diseñado en el archivo fs/ext4/extents.c en la función ext4_es_cache_extent. • https://bugzilla.redhat.com/show_bug.cgi?id=1972621 https://ubuntu.com/security/CVE-2021-3428 https://www.openwall.com/lists/oss-security/2021/03/17/1 https://access.redhat.com/security/cve/CVE-2021-3428 https://bugzilla.redhat.com/show_bug.cgi?id=1936786 • CWE-190: Integer Overflow or Wraparound •
CVE-2021-33200 – kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
https://notcve.org/view.php?id=CVE-2021-33200
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.12.7, aplica límites incorrectos para operaciones aritméticas de puntero, también se conoce como CID-bb01a1bba579. Esto puede ser abusado para llevar a cabo lecturas y escrituras fuera de límites en la memoria del kernel, conllevando a una escalada local de privilegios a root. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LR3OKKPHIBGOMHN476CMLW2T7UG53QX https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-787: Out-of-bounds Write •
CVE-2020-25673
https://notcve.org/view.php?id=CVE-2020-25673
A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Se encontró una vulnerabilidad en el kernel de Linux en la que el socket non-blocking en la función llcp_sock_connect() conduce a un filtrado de información y eventualmente bloquea el sistema • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS https://security.netapp.com/advisory/ntap-20210702-0008 https://www.openwall.com/lists/oss-security/2020 • CWE-400: Uncontrolled Resource Consumption •