CVE-2020-27675
https://notcve.org/view.php?id=CVE-2020-27675
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. El archivo drivers/xen/events/events_base.c permite la eliminación del canal de eventos durante el ciclo de manejo de eventos (una condición de carrera). Esto puede causar una desreferencia del puntero NULL y un uso de la memoria previamente liberada como es demostrado por un bloqueo dom0 por medio de eventos para un dispositivo paravirtualizado en reconfiguración, también se conoce como CID-073d0552ead5 • http://www.openwall.com/lists/oss-security/2021/01/19/3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073d0552ead5bfc7a3a9c01de590e924f11b5dd2 https://github.com/torvalds/linux/commit/073d0552ead5bfc7a3a9c01de590e924f11b5dd2 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ZG6TZLD23QO3PV2AN2HB625ZX47ALTT https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVE-2020-24490 – kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events
https://notcve.org/view.php?id=CVE-2020-24490
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. Unas restricciones de búfer inapropiadas en BlueZ pueden permitir a un usuario no autenticado habilitar potencialmente la denegación de servicio por medio de un acceso adyacente. Esto afecta a todas las versiones del kernel de Linux que admiten BlueZ A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html https://access.redhat.com/security/cve/CVE-2020-24490 https://bugzilla.redhat.com/show_bug.cgi?id=1888449 • CWE-122: Heap-based Buffer Overflow •
CVE-2020-12351 – Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-12351
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Una comprobación de entrada incorrecta en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso adyacente A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://www.exploit-db.com/exploits/49754 http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351 https://access.redhat.com/security/cve/CVE-2020-12351 https://bugzilla.redhat.com/show_bug.cgi?id=1886521 • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2020-12352 – Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-12352
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de un acceso adyacente An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. • https://www.exploit-db.com/exploits/49754 http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351 https://access.redhat.com/security/cve/CVE-2020-12352 https://bugzilla.redhat.com/show_bug.cgi?id=1886529 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-909: Missing Initialization of Resource •
CVE-2020-27194
https://notcve.org/view.php?id=CVE-2020-27194
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. Se detectó un problema en el kernel de Linux versiones anteriores a 5.8.15. La función scalar32_min_max_or en el archivo kernel/bpf/verifier.c, maneja inapropiadamente el seguimiento de límites durante el uso de valores de 64 bits, también se conoce como CID-5b9fbeb75b6a • https://github.com/xmzyshypnc/CVE-2020-27194 https://github.com/willinin/CVE-2020-27194-exp https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15 https://github.com/torvalds/linux/commit/5b9fbeb75b6a98955f628e205ac26689bcb1383e • CWE-681: Incorrect Conversion between Numeric Types •