CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2021-20320
https://notcve.org/view.php?id=CVE-2021-20320
18 Feb 2022 — A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier, which may lead to a confidentiality problem. • https://bugzilla.redhat.com/show_bug.cgi?id=2010090 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 7.8 • EPSS: 0% • CPEs: 17 • EXPL: 1 • CVE-2022-25265 – kernel: Executable Space Protection Bypass
https://notcve.org/view.php?id=CVE-2022-25265
16 Feb 2022 — In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. • https://github.com/x0reaxeax/exec-prot-bypass • CWE-281: Improper Preservation of Permissions • CWE-913: Improper Control of Dynamically-Managed Code Resources
CVSS: 9.8 • EPSS: 0% • CPEs: 9 • EXPL: 1 • CVE-2021-3773 – kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients
https://notcve.org/view.php?id=CVE-2021-3773
16 Feb 2022 — A flaw in netfilter could allow a network-connected attacker to infer OpenVPN connection endpoint information for further use in traditional network attacks. Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images: Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges tha... • https://github.com/d0rb/CVE-2021-3773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 4.9 • EPSS: 0% • CPEs: 16 • EXPL: 1 • CVE-2022-25258 – Ubuntu Security Notice USN-5417-1
https://notcve.org/view.php?id=CVE-2022-25258
16 Feb 2022 — An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. • https://github.com/szymonh/d-os-descriptor • CWE-476: NULL Pointer Dereference
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2021-44879 – Ubuntu Security Notice USN-6681-2
https://notcve.org/view.php?id=CVE-2021-44879
13 Feb 2022 — In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while perfo... • https://bugzilla.kernel.org/show_bug.cgi?id=215231 • CWE-476: NULL Pointer Dereference
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 2 • CVE-2021-45402 – Ubuntu Security Notice USN-5337-1
https://notcve.org/view.php?id=CVE-2021-45402
11 Feb 2022 — The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3cf2b61eb06765e27fec6799292d9fb46d0b7e60 • CWE-668: Exposure of Resource to Wrong Sphere
CVSS: 7.8 • EPSS: 0% • CPEs: 20 • EXPL: 0 • CVE-2022-24958 – Ubuntu Security Notice USN-5468-1
https://notcve.org/view.php?id=CVE-2022-24958
11 Feb 2022 — drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to ex... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda • CWE-763: Release of Invalid Pointer or Reference
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-24959 – Ubuntu Security Notice USN-5383-1
https://notcve.org/view.php?id=CVE-2022-24959
11 Feb 2022 — An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can co... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5 • CWE-401: Missing Release of Memory after Effective Lifetime
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2022-0382 – Ubuntu Security Notice USN-5337-1
https://notcve.org/view.php?id=CVE-2022-0382
11 Feb 2022 — An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects Linux kernel versions prior to 5.17-rc1. • https://github.com/torvalds/linux/commit/d6d86830705f173fca6087a3e67ceaf68db80523 • CWE-909: Missing Initialization of Resource
CVSS: 4.4 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2021-4159 – Ubuntu Security Notice USN-5790-1
https://notcve.org/view.php?id=CVE-2021-4159
10 Feb 2022 — A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code into the kernel can use this to leak internal kernel memory details, defeating some of the exploit mitigations in place for the kernel. • https://access.redhat.com/security/cve/CVE-2021-4159 • CWE-202: Exposure of Sensitive Information Through Data Queries
