CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-38160
https://notcve.org/view.php?id=CVE-2021-38160
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior ** EN DISPUTA ** En el archivo drivers/char/virtio_console.c en el kernel de Linux versiones anteriores a 5.13.4, la corrupción o pérdida de datos puede ser desencadenada por un dispositivo no fiable que suministre un valor buf-)len excediendo el tamaño del buffer. NOTA: El proveedor indica que la citada corrupción de datos no es una vulnerabilidad en ningún caso de uso existente; la validación de la longitud se añadió únicamente para la robustez frente a un comportamiento anómalo del sistema operativo anfitrión. • https://access.redhat.com/security/cve/cve-2021-38160 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://security.netapp.com/advisory/ntap-20210902-0010 https://www.debian.org/security/2021/dsa-4978 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3679 – kernel: DoS in rb_per_cpu_empty()
https://notcve.org/view.php?id=CVE-2021-3679
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. Se encontró una falta de recursos de CPU en la funcionalidad tracing module del kernel de Linux en versiones anteriores a 5.14-rc3 en la manera en que el usuario usa el búfer de anillo de rastreo de una manera específica. Sólo usuarios locales privilegiados (con capacidad CAP_SYS_ADMIN) podían usar este fallo para privar de recursos causando una denegación de servicio A lack of CPU resources in the Linux kernel tracing module functionality was found in the way users use the trace ring buffer in specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1989165 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://www.debian.org/security/2021/dsa-4978 https://access.redhat.com/security/cve/CVE-2021-3679 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3682 – QEMU: usbredir: free() call on invalid pointer in bufp_alloc()
https://notcve.org/view.php?id=CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. Se ha encontrado un fallo en la emulación del dispositivo redirector USB de QEMU en versiones anteriores a 6.1.0-rc2. Ocurre cuando se abandonan paquetes durante una transferencia masiva desde un cliente SPICE debido a que la queue de paquetes está lleno. • https://bugzilla.redhat.com/show_bug.cgi?id=1989651 https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210902-0006 https://www.debian.org/security/2021/dsa-4980 https://access.redhat.com/security/cve/CVE-2021-3682 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38114
https://notcve.org/view.php?id=CVE-2021-38114
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. El archivo libavcodec/dnxhddec.c en FFmpeg versión 4.4 no comprueba el valor de retorno de la función init_vlc, un problema similar a CVE-2013-0868 • https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html https://patchwork.ffmpeg.org/project/ffmpeg/patch/PAXP193MB12624C21AE412BE95BA4D4A4B6F09%40PAXP193MB1262.EURP193.PROD.OUTLOOK.COM https://www.debian.org/security/2021/dsa-4990 https://www.debian.org/security/2021/dsa-4998 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2021-31292 – exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS
https://notcve.org/view.php?id=CVE-2021-31292
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. Un desbordamiento de enteros en la función CrwMap::encode0x1810 de Exiv2 versión 0.27.3 permite a atacantes desencadenar un desbordamiento del búfer en la región heap de la memoria y causar una denegación de servicio (DOS) por medio de metadatos diseñados A flaw was found in exiv2. A integer wraparound in the CrwMap:encode0x1810 function leads to memcpy call with a very large size allowing an attacker, who can provide a malicious image, to crash an application which uses the exiv2 library. The highest threat from this vulnerability is to service availability. • https://github.com/Exiv2/exiv2/issues/1530 https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 https://www.debian.org/security/2021/dsa-4958 https://access.redhat.com/security/cve/CVE-2021-31292 https:/&#x • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •