CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3492 – Ubuntu linux kernel shiftfs file system double free vulnerability
https://notcve.org/view.php?id=CVE-2021-3492
16 Apr 2021 — Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Shiftfs, un sistema de archivos de apilamiento fuera del árbol incluido en los kernels de Ubuntu Linux, no manejaba aprop... • https://github.com/synacktiv/CVE-2021-3492 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 15CVE-2021-3493 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-3493
16 Apr 2021 — The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. La implementación de overlayfs en el kernel de Linux no comprobó apropiadamente con respecto a los espacios de nombre de los usuarios, l... • https://github.com/briskets/CVE-2021-3493 • CWE-270: Privilege Context Switching Error CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-3444 – Linux kernel bpf verifier incorrect mod32 truncation
https://notcve.org/view.php?id=CVE-2021-3444
23 Mar 2021 — The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt z... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2020-27171
https://notcve.org/view.php?id=CVE-2020-27171
20 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.8. El archivo kernel/bpf/verifier.c presenta un error por un paso (con un subdesbordamiento de... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-193: Off-by-one Error •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2020-27170 – kernel: Speculation on pointer arithmetic against bpf_context pointer
https://notcve.org/view.php?id=CVE-2020-27170
20 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.8. El archivo kernel/bpf/verifier.c lleva a cabo especulaciones no deseadas fuera de ... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 1CVE-2021-27364 – kernel: out-of-bounds read in libiscsi module
https://notcve.org/view.php?id=CVE-2021-27364
07 Mar 2021 — An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. Se detectó un problema en el kernel de Linux versiones hasta 5.11.3. El archivo drivers/scsi/scsi_transport_iscsi.c está afectado negativamente por la capacidad de un usuario sin privilegios de crear mensajes Netlink A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that cou... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-125: Out-of-bounds Read •
CVSS: 2.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-27351 – Various memory and file descriptor leaks in apt-python
https://notcve.org/view.php?id=CVE-2020-27351
10 Dec 2020 — Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1; Se encontraron varios filtrados de memoria y descriptores de archivos en los archivos python/arfile.cc, python/tag.cc, python/tarfil... • https://bugs.launchpad.net/bugs/1899193 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.7EPSS: 0%CPEs: 12EXPL: 0CVE-2020-27350 – apt integer wraparound
https://notcve.org/view.php?id=CVE-2020-27350
10 Dec 2020 — APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1; APT tuvo varios desbordamientos y subdesbordamientos de enteros al analizar paquetes .de... • https://bugs.launchpad.net/bugs/1899193 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27349 – aptdaemon performed policykit permissions checks too late
https://notcve.org/view.php?id=CVE-2020-27349
09 Dec 2020 — Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. Aptdaemon llevó a cabo comprobaciones de policykit después de interactuar con archivos potencialmente no confiables con privilegios elevados. Esto afectó a versiones anteriores a 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, ... • https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1899193 • CWE-862: Missing Authorization •
CVSS: 3.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16128 – Aptdaemon error messages disclosed file existence to unprivileged users via dbus properties
https://notcve.org/view.php?id=CVE-2020-16128
09 Dec 2020 — The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. La interfaz DBus de aptdaemon divulgó la existencia de archivos al ajustar las propiedades de Terminal/DebconfSocket, también se conoce como GHSL-2020-192 y GHSL-2020-196. Esto afectó a versiones anteriores a 1.1.1+bzr982-0ubunt... • https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513 • CWE-209: Generation of Error Message Containing Sensitive Information •