CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23134 – Linux kernel llcp_sock_bind/connect use-after-free
https://notcve.org/view.php?id=CVE-2021-23134
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. Una vulnerabilidad de uso de la memoria previamente liberada en nfc sockets en el Kernel de Linux versiones anteriores a 5.12.4 permite a atacantes locales escalar sus privilegios. En configuraciones típicas, el problema solo puede ser desencadenado por un usuario local privilegiado con la capacidad CAP_NET_RAW • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77 https://security.netapp.com/advisory/ntap-20210625 • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 2CVE-2021-29657 – KVM nested_svm_vmrun Double Fetch
https://notcve.org/view.php?id=CVE-2021-29657
arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun. El archivo arch/x86/kvm/svm/nested.c en el kernel de Linux versiones anteriores a 5.11.12, presenta un uso de memoria previamente liberada en el que un invitado KVM de AMD puede omitir el control de acceso en los MSR del SO anfitrión cuando se presentan invitados anidados, también se conoce como CID-a58d9166a756. Esto ocurre debido a una condición de carrera TOCTOU asociada con un doble fetch VMCB12 en la función nested_svm_vmrun • http://packetstormsecurity.com/files/163324/KVM-nested_svm_vmrun-Double-Fetch.html https://bugs.chromium.org/p/project-zero/issues/detail?id=2177 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.12 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a58d9166a756a0f4a6618e4f593232593d6df134 https://security.netapp.com/advisory/ntap-20210902-0008 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 3CVE-2020-25670
https://notcve.org/view.php?id=CVE-2020-25670
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el kernel de Linux donde un filtrado de refcount en la función llcp_sock_bind() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 http://www.openwall.com/lists/oss-security/2021/05/11/4 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://li • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3483
https://notcve.org/view.php?id=CVE-2021-3483
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected Se encontró una fallo en el controlador Nosy en el kernel de Linux. Este problema permite a un dispositivo ser insertado dos veces en una lista doblemente enlazada, conllevando a un uso de la memoria previamente liberada cuando uno de estos dispositivos es eliminado. • http://www.openwall.com/lists/oss-security/2021/04/07/1 https://bugzilla.redhat.com/show_bug.cgi?id=1948045 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://security.netapp.com/advisory/ntap-20210629-0002 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3489 – Linux kernel eBPF RINGBUF map oversized allocation
https://notcve.org/view.php?id=CVE-2021-3489
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1). La función eBPF RINGBUF bpf_ringbuf_reserve() del kernel de Linux no comprobaba que el tamaño asignado fuera menor que el tamaño del ringbuf, lo que permitía a un atacante realizar escrituras fuera de los límites del kernel y, por tanto, la ejecución de código arbitrario. Este problema se solucionó a través del commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) y se retroalimentó a los kernels estables en versiones v5.12.4, v5.11.21 y v5.10.37. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea https://security.netapp.com/advisory/ntap-20210716-0004 https://ubuntu.com/security/notices/USN-4949-1 https://ubuntu.com/security/notices/USN-4950-1 https://www.openwall.com/lists/oss-security/2021/05/11/10 https://www.zerodayinitiative.com/advisories/ZDI-21-590 https://access.redhat.com/security/cve/CVE-2021-3489 https://bugzilla.redhat.com/show_bug.cgi?id=1959559 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •