CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-32555 – apport read_file() function could follow maliciously constructed symbolic links
https://notcve.org/view.php?id=CVE-2021-32555
26 May 2021 — It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podía seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete apport hooks xorg-hwe- versión 18.04, podría exponer datos privados a otros usuarios locales Maik Münch discovered that A... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3489 – Linux kernel eBPF RINGBUF map oversized allocation
https://notcve.org/view.php?id=CVE-2021-3489
12 May 2021 — The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer... • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 8%CPEs: 10EXPL: 4CVE-2021-3490 – Linux kernel eBPF bitwise ops ALU32 bounds tracking
https://notcve.org/view.php?id=CVE-2021-3490
12 May 2021 — The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifi... • https://packetstorm.news/files/id/164015 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3491 – Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass
https://notcve.org/view.php?id=CVE-2021-3491
12 May 2021 — The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-15078 – Gentoo Linux Security Advisory 202105-25
https://notcve.org/view.php?id=CVE-2020-15078
26 Apr 2021 — OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. OpenVPN versiones 2.5.1 y anteriores, permiten a atacantes remotos omitir la autenticación y los datos del canal de control de acceso en servidores configurados con autenticación diferida, que pueden ser usados para desencadenar potencialmente más fugas de información It wa... • https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 • CWE-305: Authentication Bypass by Primary Weakness CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 24%CPEs: 3EXPL: 1CVE-2021-3492 – Ubuntu linux kernel shiftfs file system double free vulnerability
https://notcve.org/view.php?id=CVE-2021-3492
16 Apr 2021 — Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Shiftfs, un sistema de archivos de apilamiento fuera del árbol incluido en los kernels de Ubuntu Linux, no manejaba aprop... • https://github.com/synacktiv/CVE-2021-3492 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-415: Double Free •
CVSS: 8.8EPSS: 72%CPEs: 3EXPL: 18CVE-2021-3493 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-3493
16 Apr 2021 — The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. La implementación de overlayfs en el kernel de Linux no comprobó apropiadamente con respecto a los espacios de nombre de los usuarios, l... • https://packetstorm.news/files/id/162866 • CWE-270: Privilege Context Switching Error CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-3444 – Linux kernel bpf verifier incorrect mod32 truncation
https://notcve.org/view.php?id=CVE-2021-3444
23 Mar 2021 — The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt z... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2020-27171 – Kernel Live Patch Security Notice LSN-0075-1
https://notcve.org/view.php?id=CVE-2020-27171
20 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.8. El archivo kernel/bpf/verifier.c presenta un error por un paso (con un subdesbordamiento de... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-193: Off-by-one Error •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2020-27170 – kernel: Speculation on pointer arithmetic against bpf_context pointer
https://notcve.org/view.php?id=CVE-2020-27170
20 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.8. El archivo kernel/bpf/verifier.c lleva a cabo especulaciones no deseadas fuera de ... • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •