CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4028 – kernel: use-after-free in RDMA listen()
https://notcve.org/view.php?id=CVE-2021-4028
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. Un fallo en la implementación del kernel de Linux del código de escucha del administrador de comunicaciones RDMA permitía a un atacante con acceso local configurar un socket para que escuchara en un puerto alto, lo que permitía un uso de memoria previamente liberada de un elemento de la lista. Dada la capacidad de ejecutar código, un atacante local podría aprovechar este uso de memoria previamente liberada para bloquear el sistema o posiblemente escalar privilegios en el sistema. A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. • https://access.redhat.com/security/cve/CVE-2021-4028 https://bugzilla.redhat.com/show_bug.cgi?id=2027201 https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74 https://lkml.org/lkml/2021/10/4/697 https://security.netapp.com/advisory/ntap-20221228-0002 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 5CVE-2022-25636 – kernel: heap out of bounds write in nf_dup_netdev.c
https://notcve.org/view.php?id=CVE-2022-25636
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. El archivo net/netfilter/nf_dup_netdev.c en el kernel de Linux versiones 5.4 hasta 5.6.10, permite a usuarios locales alcanzar privilegios debido a una escritura fuera de los límites de la pila. Esto está relacionado con nf_tables_offload An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat. • https://github.com/Bonfee/CVE-2022-25636 https://github.com/veritas501/CVE-2022-25636-PipeVersion https://github.com/chenaotian/CVE-2022-25636 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://www.openwall.com/lists/oss-security/2022/02/22/1 https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6 https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636 https://security • CWE-269: Improper Privilege Management CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25375
https://notcve.org/view.php?id=CVE-2022-25375
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. Se ha detectado un problema en el archivo drivers/usb/gadget/function/rndis.c en el kernel de Linux versiones anteriores a 5.16.10. El gadget USB RNDIS no comprueba el tamaño del comando RNDIS_MSG_SET. • http://www.openwall.com/lists/oss-security/2022/02/21/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 https://github.com/szymonh/rndis-co https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5092 https://www.debian.org/security/2022/dsa-5096 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20320
https://notcve.org/view.php?id=CVE-2021-20320
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. Se encontró un fallo en s390 eBPF JIT en la función bpf_jit_insn en el archivo arch/s390/net/bpf_jit_comp.c en el kernel de Linux. En este fallo, un atacante local con privilegios de usuario especiales puede omitir el verificador y puede conllevar a un problema de confidencialidad • https://bugzilla.redhat.com/show_bug.cgi?id=2010090 https://lore.kernel.org/bpf/20210902185229.1840281-1-johan.almbladh%40anyfinetworks.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-0646
https://notcve.org/view.php?id=CVE-2022-0646
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. Se encontró un fallo de uso de memoria previamente liberada en el subsistema del kernel de Linux Management Component Transport Protocol (MCTP) en la forma en que el usuario desencadena cancel_work_sync después de unregister_netdev durante la eliminación del dispositivo. Un usuario local podría usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema. • https://lore.kernel.org/all/20220211011552.1861886-1-jk%40codeconstruct.com.au https://security.netapp.com/advisory/ntap-20220318-0006 • CWE-416: Use After Free CWE-459: Incomplete Cleanup •