Alexander Popov

**Nome do software vulnerável e versões afetadas** Versões do kernel Linux anteriores à 5.10.13 **Descrição** Existe uma vulnerabilidade de escalonamento de privilégios local no kernel Linux devido a várias condições de corrida na implementação do AF VSOCK. Essas condições são causadas por um bloqueio incorreto no arquivo net/vmw vsock/af vsock.c. A vulnerabilidade surgiu quando foi adicionado o suporte a múltiplos transportes VSOCK. **Recomendações** Para versões do kernel Linux anteriores à 5.10.13, atualize para a versão 5.10.13 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à implementação AF VSOCK até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** QEMU versions 2.4.0 through 4.2.0 **Description** An issue was discovered in the `ide dma cb()` function, which can cause the QEMU process in the host system to crash via a special `SCSI IOCTL SEND COMMAND`. This issue implies that the size of successful DMA transfers must be a multiple of 512, the size of a sector. A member of the QEMU security team disputes the significance of this issue, stating that a privileged guest user has many ways to cause a similar denial-of-service effect without triggering this assertion. **Recommendations** For QEMU versions 2.4.0 through 4.2.0, consider disabling the `ide dma cb()` function as a temporary workaround to minimize the risk of exploitation until a patch is available. Restrict access to the `SCSI IOCTL SEND COMMAND` to prevent potential crashes of the QEMU process in the host system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.3.8 **Description** The issue is related to a race condition in the V4L2 subsystem of the Linux kernel, specifically in the drivers/media/platform/vivid module. This is caused by incorrect mutex locking in functions such as `vivid stop generating vid cap()`, `vivid stop generating vid out()`, and `sdr cap stop streaming()`. The exploitation of this issue can lead to privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. At least one of these race conditions leads to a use-after-free. **Recommendations** For Linux kernel versions prior to 5.3.8, consider updating to a version that includes the fix for this issue. As a temporary workaround, restricting access to the /dev/video0 device or disabling the vivid driver may help minimize the risk of exploitation. Additionally, avoiding the use of the affected functions until a patch is available can also be considered as a mitigation measure.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.10.1 **Description** A race condition in the Linux kernel allows local users to gain privileges or cause a denial of service by setting the HDLC line discipline. This issue affects the `drivers/tty/n hdlc.c` component. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Linux kernel versions through 4.10.1, update to a version later than 4.10.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.9.11 **Description** The issue is related to a race condition in the `sctp wait for sndbuf` function in `net/sctp/socket.c`. This can be exploited by a local user via a multithreaded application that peels off an association in a certain buffer-full state, leading to a denial of service (assertion failure and panic). The vulnerability exists due to insufficient checking of the resource state when it can be shared. **Recommendations** For Linux kernel versions prior to 4.9.11, update to version 4.9.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of multithreaded applications that could exploit this condition until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3 **Description** The issue is related to the ` skb flow dissect` function in `net/core/flow dissector.c`, which does not properly initialize `n proto`, `ip proto`, and `thoff`. This allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. The vulnerability is due to insufficient input validation, where the `key control` protocol returns true without setting values for `n proto`, `ip proto`, and `thoff`. **Recommendations** For Linux kernel versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting the handling of MPLS packets to minimize the risk of exploitation.