CVE-2021-45486 – kernel: information leak in the IPv4 implementation
https://notcve.org/view.php?id=CVE-2021-45486
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

An information leak flaw was found in the Linux kernel's IPv4 implementation, in the ip_rt_init function in net/ipv4/route.c. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information.

References:
https://arxiv.org/pdf/2112.09604.pdf
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba
https://www.oracle.com/security-alerts/cpujul2022.html
https://access.redhat.com/security/cve/CVE-2021-45486
https://bugzilla.redhat.com/show_bug.cgi?id=2039914

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2021-45480
https://notcve.org/view.php?id=CVE-2021-45480
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.

References:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
https://github.com/torvalds/linux/commit/5f9562ebe710c307adc5f666bf1a2162ee7977c0
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://www.debian.org/security/2022/dsa-5050
https://www.debian.org/security/2022/dsa-5096

CWE-401: Missing Release of Memory after Effective Lifetime

CVE-2021-45469
https://notcve.org/view.php?id=CVE-2021-45469
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

References:
http://www.openwall.com/lists/oss-security/2021/12/25/1
https://bugzilla.kernel.org/show_bug.cgi?id=215235
https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa

CWE-125: Out-of-bounds Read

CVE-2021-44733 – kernel: use-after-free in the TEE subsystem
https://notcve.org/view.php?id=CVE-2021-44733
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

A use-after-free flaw in the Linux kernel TEE (Trusted Execution Environment) subsystem was found in the way a user calls the ioctl TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system.

References:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c
https://github.com/pjlantz/optee-qemu/blob/main/README.md
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander%40linaro.org
https://security.netapp.com/advisory/ntap-20220114-0003
https://www.debian.

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-908: Use of Uninitialized Resource

CVE-2021-20321 – kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename()
https://notcve.org/view.php?id=CVE-2021-20321
A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2013242
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://lore.kernel.org/all/20211011134508.748956131%40linuxfoundation.org
https://www.debian.org/security/2022/dsa-5096
https://access.redhat.com/security/cve/CVE-2021-20321

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')