CVE-2021-3679 – kernel: DoS in rb_per_cpu_empty()
https://notcve.org/view.php?id=CVE-2021-3679
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. Se encontró una falta de recursos de CPU en la funcionalidad tracing module del kernel de Linux en versiones anteriores a 5.14-rc3 en la manera en que el usuario usa el búfer de anillo de rastreo de una manera específica. Sólo usuarios locales privilegiados (con capacidad CAP_SYS_ADMIN) podían usar este fallo para privar de recursos causando una denegación de servicio A lack of CPU resources in the Linux kernel tracing module functionality was found in the way users use the trace ring buffer in specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1989165 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://www.debian.org/security/2021/dsa-4978 https://access.redhat.com/security/cve/CVE-2021-3679 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-34556
https://notcve.org/view.php?id=CVE-2021-34556
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. En el kernel de Linux versiones hasta 5.13.7, un programa BPF sin privilegios puede obtener información confidencial de la memoria del kernel por medio de un ataque de canal lateral Omisión de Almacenamiento Especulativo porque el mecanismo de protección no tiene en cuenta la posibilidad de ubicaciones de memoria no inicializadas en la pila BPF • http://www.openwall.com/lists/oss-security/2021/08/01/3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4 https://lists.fedoraproject.org/a • CWE-203: Observable Discrepancy •
CVE-2021-35477
https://notcve.org/view.php?id=CVE-2021-35477
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. En el kernel de Linux versiones 5.13.7, un programa BPF sin privilegios puede obtener información confidencial de la memoria del kernel por medio de un ataque de canal lateral de Omisión de Almacenamiento Especulativo porque una determinada operación de almacenamiento anticipada no ocurre necesariamente antes de una operación de almacenamiento que tiene un valor controlado por el atacante • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JKK6XNRZX5BT5QV • CWE-203: Observable Discrepancy •
CVE-2021-37576 – kernel: powerpc: KVM guest OS users can cause host OS memory corruption
https://notcve.org/view.php?id=CVE-2021-37576
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. El archivo arch/powerpc/kvm/book3s_rtas.c en el kernel de Linux versiones hasta 5.13.5, en la plataforma powerpc permite a usuarios del Sistema Operativo invitado de KVM causar una corrupción en la memoria del Sistema Operativo host por medio de rtas_args.nargs, también se conoce como CID-f62f3c20647e A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtas_args.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/07/27/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDFA7DSQIPM7XPNXJBXFWXHJFVUBCAG6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2YZ2DNURMYYVDT2NYAFDESJC35KCUDS https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u https://security.n • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-3573 – kernel: use-after-free in function hci_sock_bound_ioctl()
https://notcve.org/view.php?id=CVE-2021-3573
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. Se detectó un uso de la memoria previamente liberada en la función hci_sock_bound_ioctl() del subsistema HCI del kernel de Linux en la manera en que el usuario llama a ioct HCIUNBLOCKADDR o de otra manera desencadena una condición de carrera de la llamada hci_unregister_dev() junto con una de las llamadas hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). Un usuario local privilegiado podría usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema. • http://www.openwall.com/lists/oss-security/2023/07/02/1 https://bugzilla.redhat.com/show_bug.cgi?id=1966578 https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52 https://www.openwall.com/lists/oss-security/2021/06/08/2 https://access.redhat.com/security/cve/CVE-2021-3573 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •