CVE-2021-28038
https://notcve.org/view.php?id=CVE-2021-28038
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. Se detectó un problema en el kernel de Linux versiones hasta 5.11.3, como es usada con Xen PV. • http://www.openwall.com/lists/oss-security/2021/03/05/1 http://xenbits.xen.org/xsa/advisory-367.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3 https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html https://security.netapp.com/advisory/ntap-20210409-0001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-25639
https://notcve.org/view.php?id=CVE-2020-25639
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Se encontró un fallo de desreferencia del puntero NULL en la funcionalidad del controlador GPU Nouveau del kernel de Linux en versiones anteriores a 5.12-rc1, en la manera en que el usuario llama a ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. Este fallo permite que un usuario local bloquee el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=1876995 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HE4CT3NL6OEBRRBUKHIX63GLNVOWCVRW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUCBCKRHWP3UD2AVVYQJE7BIJEMCMXW5 • CWE-476: NULL Pointer Dereference •
CVE-2020-35508 – kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
https://notcve.org/view.php?id=CVE-2020-35508
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Se ha encontrado una posibilidad de fallo de condición de carrera y de inicialización incorrecta del id del proceso en el manejo del id del proceso child/parent del kernel de Linux mientras se filtran los manejadores de señales. Un atacante local es capaz de abusar de este fallo para omitir unas comprobaciones y enviar cualquier señal a un proceso privilegiado. A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. • https://bugzilla.redhat.com/show_bug.cgi?id=1902724 https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948 https://security.netapp.com/advisory/ntap-20210513-0006 https://access.redhat.com/security/cve/CVE-2020-35508 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-665: Improper Initialization •
CVE-2020-28588
https://notcve.org/view.php?id=CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad /proc/pid/syscall de Linux Kernel versiones 5.1 Stable y 5.4.66. Más específicamente, este problema ha sido introducido en la versión v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) y todavía está presente en la versión v5.10-rc4, por lo que es probable que todas las versiones intermedias estén afectadas. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211 • CWE-681: Incorrect Conversion between Numeric Types •
CVE-2020-35499
https://notcve.org/view.php?id=CVE-2020-35499
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. Un fallo de desreferencia del puntero NULL en versiones del kernel anteriores a 5.11, se puede visualizar si la función sco_sock_getsockopt en el archivo net / bluetooth/sco.c no posee una comprobación de cordura para una conexión socket, cuando se usa BT_SNDMTU/BT_RCVMTU para sockets SCO. Esto podría permitir a un atacante local con un privilegio de usuario especial bloquear el sistema (DOS) o filtrar información interna del kernel • https://bugzilla.redhat.com/show_bug.cgi?id=1910048 • CWE-476: NULL Pointer Dereference •