CVE-2020-27152 – Kernel: KVM: host stack overflow due to lazy update IOAPIC
https://notcve.org/view.php?id=CVE-2020-27152
An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. Se detectó un problema en la función ioapic_lazy_update_eoi en el archivo arch/x86/kvm/ioapic.c en el kernel de Linux versiones anteriores a 5.9.2. Presenta un bucle infinito relacionado con la interacción inapropiada entre el remuestreador y la activación de borde, también se conoce como CID-77377064c3a9 A stack overflow flaw via an infinite loop condition issue was found in the KVM hypervisor of the Linux kernel. This flaw occurs while processing interrupts because the IRQ state is erroneously set. • http://www.openwall.com/lists/oss-security/2020/11/03/1 https://bugzilla.kernel.org/show_bug.cgi?id=208767 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77377064c3a94911339f13ce113b3abf265e06da https://access.redhat.com/security/cve/CVE-2020-27152 https://bugzilla.redhat.com/show_bug.cgi?id=1888886 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2020-27673
https://notcve.org/view.php?id=CVE-2020-27673
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. Los usuarios del Sistema Operativo invitado pueden causar una denegación de servicio (suspensión del Sistema Operativo host) por medio de una alta tasa de eventos en dom0, también se conoce como CID-e99502f76271 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html http://www.openwall.com/lists/oss-security/2021/01/19/6 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070 https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announ •
CVE-2020-27675
https://notcve.org/view.php?id=CVE-2020-27675
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. El archivo drivers/xen/events/events_base.c permite la eliminación del canal de eventos durante el ciclo de manejo de eventos (una condición de carrera). Esto puede causar una desreferencia del puntero NULL y un uso de la memoria previamente liberada como es demostrado por un bloqueo dom0 por medio de eventos para un dispositivo paravirtualizado en reconfiguración, también se conoce como CID-073d0552ead5 • http://www.openwall.com/lists/oss-security/2021/01/19/3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073d0552ead5bfc7a3a9c01de590e924f11b5dd2 https://github.com/torvalds/linux/commit/073d0552ead5bfc7a3a9c01de590e924f11b5dd2 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ZG6TZLD23QO3PV2AN2HB625ZX47ALTT https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVE-2020-24490 – kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events
https://notcve.org/view.php?id=CVE-2020-24490
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. Unas restricciones de búfer inapropiadas en BlueZ pueden permitir a un usuario no autenticado habilitar potencialmente la denegación de servicio por medio de un acceso adyacente. Esto afecta a todas las versiones del kernel de Linux que admiten BlueZ A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html https://access.redhat.com/security/cve/CVE-2020-24490 https://bugzilla.redhat.com/show_bug.cgi?id=1888449 https://access.redhat.com/security/vulnerabilities/BleedingTooth • CWE-122: Heap-based Buffer Overflow •
CVE-2020-12351 – Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-12351
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Una comprobación de entrada incorrecta en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso adyacente A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://www.exploit-db.com/exploits/49754 http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351 https://access.redhat.com/security/cve/CVE-2020-12351 https://bugzilla.redhat.com/show_bug.cgi?id=1886521 https://access.redhat.com/security/vulnerabilities/BleedingTooth • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •