3 results (0.021 seconds)

CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0

CVE-2021-42739 – kernel: Heap buffer overflow in firedtv driver

https://notcve.org/view.php?id=CVE-2021-42739

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. Se ha encontrado un fallo de desbordamiento de búfer basado en la pila en el controlador de la tarjeta multimedia FireDTV del kernel de Linux, donde el usuario llama al ioctl CA_SEND_MSG. Este fallo permite a un usuario local de la máquina anfitriona bloquear el sistema o escalar privilegios en el sistema. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=1951739 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda https://seclists.org/oss-sec/2021/q2/46 https://www.oracle.com/security-alerts/cpujul2022.html https://www.starwindsoftware.com/security/sw-20220804-0001 https://access.redhat.com/security/cve/CVE-2021-42739 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

CVE-2020-36385 – kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free

https://notcve.org/view.php?id=CVE-2020-36385

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.10. El archivo drivers/infiniband/core/ucma.c, presenta un uso de la memoria previamente liberada porque el ctx es alcanzado por medio de la función ctx_list en algunas situaciones donde la función ucma_migrate_id en que la función ucma_close, es llamada también se conoce como CID-f5449e74802c An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1 https://security.netapp.com/advisory/ntap-20210720-0004 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2 https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6 https://www.starwindsoftware.com/security/sw-20220802-0002 https://access.redhat.com/security/cve/CVE-2020-36385 • CWE-416: Use After Free •

CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-25704 – kernel: perf_event_parse_addr_filter memory

https://notcve.org/view.php?id=CVE-2020-25704

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. Se encontró una perdida de memoria de fallo en el subsistema de monitoreo del rendimiento del kernel de Linux en el modo si se usaba PERF_EVENT_IOC_SET_FILTER. Un usuario local podría utilizar este fallo para privar los recursos causando una denegación de servicio A memory leak flaw was found in the Linux kernel’s performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. This flaw allows a local user to starve the resources, causing a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1895961 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://www.openwall.com/lists/oss-security/2020/11/09/1 https://www.starwindsoftware.com/security/sw-20220802-0003 https://access.redhat.com/security/cve/CVE-2020-25704 • CWE-401: Missing Release of Memory after Effective Lifetime •