CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-28971 – kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c
https://notcve.org/view.php?id=CVE-2021-28971
22 Mar 2021 — In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. En la función intel_pmu_drain_pebs_nhm en el archivo arch/x86/events/intel/ds.c en el kernel de Linux versiones hasta 5.11.8 en algunas CPU Haswell, las aplicaciones de espacio de usuario (como perf-fuzzer) pueden causar un bloqueo del sistema porqu... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea • CWE-476: NULL Pointer Dereference CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2021-28964 – Ubuntu Security Notice USN-5361-1
https://notcve.org/view.php?id=CVE-2021-28964
22 Mar 2021 — A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. Se detectó una condición de carrera en la función get_old_root en el archivo fs/btrfs/ctree.c en el kernel de Linux versiones hasta 5.11.8. Permite a atacantes causar una denegación de servicio (BUG) debido a una falta de bloqueo en un búfer de exte... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbcc7d57bffc0c8cac9dac11bec548597d59a6a5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2021-28952 – Ubuntu Security Notice USN-4984-1
https://notcve.org/view.php?id=CVE-2021-28952
20 Mar 2021 — An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) Se detectó un problema en el kernel de Linux versiones hasta 5.11.8. El controlador de dispositivo soundwire del archivo sound/soc/qcom/sdm845.c presenta un desbordamiento del búfer cuando es encontrado un número de identificación de puerto no previsto, también se c... • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1c668e1c0a0f74472469cd514f40c9012b324c31 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-28951 – Ubuntu Security Notice USN-4948-1
https://notcve.org/view.php?id=CVE-2021-28951
20 Mar 2021 — An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. Se detectó un problema en el archivo fs/io_uring.c en el kernel de Linux versiones hasta 5.11.8. Permite a atacantes causar una denegación de servicio (deadlock) porque la salida puede estar esperando para estacionar un hilo ... • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3ebba796fa251d042be42b929a2d916ee5c34a49 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 2CVE-2021-26708 – kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
https://notcve.org/view.php?id=CVE-2021-26708
05 Feb 2021 — A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Se detectó una escalada de privilegios local en el kernel de Linux versiones anteriores a 5.10.13. Múltiples condiciones de carrera en la implementación de AF_VSOCK son causadas mediante un bloqueo incorrecto e... • https://github.com/azpema/CVE-2021-26708 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 3CVE-2020-25668 – Ubuntu Security Notice USN-4679-1
https://notcve.org/view.php?id=CVE-2020-25668
06 Jan 2021 — A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Se encontró un fallo en el Kernel de Linux porque el acceso a la variable global fg_console no está correctamente sincronizado, conllevando a un uso de la memoria previamente liberada en la función con_font_op It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensit... • https://github.com/hshivhare67/Kernel_4.1.15_CVE-2020-25668 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-662: Improper Synchronization •
CVSS: 7.2EPSS: 0%CPEs: 39EXPL: 2CVE-2020-15436 – kernel: use-after-free in fs/block_dev.c
https://notcve.org/view.php?id=CVE-2020-15436
23 Nov 2020 — Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. La vulnerabilidad de tipo use-after-free en el archivo fs/block_dev.c en el kernel de Linux versiones anteriores a 5.8, permite a usuarios locales obtener privilegios o causar una denegación de servicio al aprovechar el acceso inapropiado a un determinado campo de error A use-after-free flaw was observed in bl... • https://github.com/Trinadh465/linux-4.19.72_CVE-2020-15436 • CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 11EXPL: 1CVE-2020-14305 – kernel: memory corruption in Voice over IP nf_conntrack_h323 module
https://notcve.org/view.php?id=CVE-2020-14305
30 Sep 2020 — An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de escritura de memoria fuera de límites en la manera en que la funcionalidad connection tracking Voice Over IP H.323 de... • https://bugs.openvz.org/browse/OVZ-7188 • CWE-787: Out-of-bounds Write •