CVE-2020-27820 – kernel: use-after-free in nouveau kernel module
https://notcve.org/view.php?id=CVE-2020-27820
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). Se ha encontrado una vulnerabilidad en el kernel de Linux, en la que un uso de memoria previamente liberada en el manejador postclose() de nouveau podría ocurrir si se quita el dispositivo (que no es común quitar la tarjeta de vídeo físicamente sin apagar, pero lo mismo ocurre si se "desvincula" el controlador) • https://bugzilla.redhat.com/show_bug.cgi?id=1901726 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-27820 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com https://lore.kernel.org • CWE-416: Use After Free •
CVE-2021-43267 – kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
https://notcve.org/view.php?id=CVE-2021-43267
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. Se ha detectado un problema en el archivo net/tipc/crypto.c en el kernel de Linux versiones anteriores a 5.14.16. La funcionalidad Transparent Inter-Process Communication (TIPC) permite a atacantes remotos explotar una comprobación insuficiente de los tamaños suministrados por el usuario para el tipo de mensaje MSG_CRYPTO A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system. • https://github.com/zzhacked/CVE-2021-43267 https://github.com/DarkSprings/CVE-2021-43267-POC http://www.openwall.com/lists/oss-security/2022/02/10/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16 https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2021-43056 – kernel: ppc: kvm: allows a malicious KVM guest to crash the host
https://notcve.org/view.php?id=CVE-2021-43056
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. Se ha detectado un problema en el kernel de Linux para powerpc versiones anteriores a 5.14.15. Permite que un invitado KVM malicioso bloquee el host, cuando éste es ejecutado en Power8, debido a un error de implementación de arch/powerpc/kvm/book3s_hv_rmhandlers.S en el manejo de los valores del registro SRR1 A denial of service problem was found in the Linux kernel's Kernel-based Virtual Machine (KVM) specific to PowerPC. In this flaw, a user with local access can confuse the host offline code, causing the guest to crash. • http://www.openwall.com/lists/oss-security/2021/10/28/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15 https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-252: Unchecked Return Value •
CVE-2021-42327
https://notcve.org/view.php?id=CVE-2021-42327
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. la función dp_link_settings_write en el archivo drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c en el kernel de Linux versiones hasta 5.14.14, permite un desbordamiento de búfer en la región heap de la memoria por parte de un atacante que puede escribir una cadena en el sistema de archivos de depuración de los controladores de la GPU AMD. No se presentan comprobaciones de tamaño dentro de parse_write_buffer_into_params cuando usa el tamaño de copy_from_user para copiar un buffer de espacio de usuario en un buffer de pila de 40 bytes • https://github.com/docfate111/CVE-2021-42327 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f23750b5b3d98653b31d4469592935ef6364ad67 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7 https://security.netapp.com/advisory/ntap-20211118-0005 https://www.mail-archive.com/amd-gfx • CWE-787: Out-of-bounds Write •
CVE-2021-42739 – kernel: Heap buffer overflow in firedtv driver
https://notcve.org/view.php?id=CVE-2021-42739
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. Se ha encontrado un fallo de desbordamiento de búfer basado en la pila en el controlador de la tarjeta multimedia FireDTV del kernel de Linux, donde el usuario llama al ioctl CA_SEND_MSG. Este fallo permite a un usuario local de la máquina anfitriona bloquear el sistema o escalar privilegios en el sistema. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=1951739 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda https://seclists.org/oss-sec/2021/q2/46 https://www.oracle.com/security-alerts/cpujul2022.html https://www.starwindsoftware.com/security/sw-20220804-0001 https://access.redhat.com/security/cve/CVE-2021-42739 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •