CVE-2021-31916 – kernel: out of bounds array access in drivers/md/dm-ioctl.c
https://notcve.org/view.php?id=CVE-2021-31916
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bounds check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1946965 https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://seclists.org/oss-sec/2021/q1/268 https://access.redhat.com/security/cve/CVE-2021-31916 • CWE-787: Out-of-bounds Write •
CVE-2021-31829 – kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
https://notcve.org/view.php?id=CVE-2021-31829
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. • http://www.openwall.com/lists/oss-security/2021/05/04/4 https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVE-2020-35519
https://notcve.org/view.php?id=CVE-2020-35519
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1908251 https://security.netapp.com/advisory/ntap-20210618-0009 • CWE-125: Out-of-bounds Read •
CVE-2021-3501 – kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
https://notcve.org/view.php?id=CVE-2021-3501
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1950136 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a https://security.netapp.com/advisory/ntap-20210618-0008 https://access.redhat.com/security/cve/CVE-2021-3501 • CWE-787: Out-of-bounds Write •
CVE-2021-31440 – Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-31440
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36 https://security.netapp.com/advisory/ntap-20210706-0003 https://www.zerodayinitiative.com/advisories/ZDI-21-503 https://access.redhat.com/security/cve/CVE-2021-31440 https://bugzilla.redhat.com/show_bug.cgi?id=1964028 • CWE-682: Incorrect Calculation •