CVE-2021-34693
https://notcve.org/view.php?id=CVE-2021-34693
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. El archivo net/can/bcm.c en el kernel de Linux versiones hasta 5.12.10, permite a usuarios locales obtener información confidencial de la memoria de la pila del kernel porque partes de una estructura de datos no están inicializadas • http://www.openwall.com/lists/oss-security/2021/06/15/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T https://ww • CWE-909: Missing Initialization of Resource •
CVE-2021-0129 – kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
https://notcve.org/view.php?id=CVE-2021-0129
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://security.gentoo.org/glsa/202209-16 https://security.netapp.com/advisory/ntap-20210716-0002 https://www.debian.org/security/2021/dsa-4951 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html https://access.redhat.com/security/cve/CVE-2021& • CWE-287: Improper Authentication •
CVE-2020-36386 – kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c
https://notcve.org/view.php?id=CVE-2020-36386
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.8.1. El archivo net/bluetooth/hci_event.c presenta una lectura fuera de límites en la función hci_extended_inquiry_result_evt, también se conoce como CID-51c19bf3d5cf A flaw out of bounds memory access in the Linux kernel bluetooth subsystem was found in the way when some data being read about the bluetooth device with the hci_extended_inquiry_result_evt call. A local user could use this flaw to crash the system or read some data out of memory bounds that can lead to data confidentiality threat. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101 https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 https://access.redhat.com/security/cve/CVE-2020-36386 https://bugzilla.redhat.com • CWE-125: Out-of-bounds Read •
CVE-2020-36387
https://notcve.org/view.php?id=CVE-2020-36387
An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.8.2. El archivo fs/io_uring.c presenta un uso de la memoria previamente liberada relacionado con la función io_async_task_func y la retención de referencias ctx, también conocido como CID-6d816e088c35 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe https://security.netapp.com/advisory/ntap-20210727-0006 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-io_async_task_func https://syzkaller.appspot.com/bug?id=ce5f07d6ec3b5050b8f0728a3b389aa510f2591b • CWE-416: Use After Free •
CVE-2020-36385 – kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free
https://notcve.org/view.php?id=CVE-2020-36385
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.10. El archivo drivers/infiniband/core/ucma.c, presenta un uso de la memoria previamente liberada porque el ctx es alcanzado por medio de la función ctx_list en algunas situaciones donde la función ucma_migrate_id en que la función ucma_close, es llamada también se conoce como CID-f5449e74802c An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1 https://security.netapp.com/advisory/ntap-20210720-0004 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2 https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6 https://www.starwindsoftware.com/security/sw-20220802-0002 https://access.redhat.com/security/cve/CVE-2020-36385 • CWE-416: Use After Free •