Tatsuhiko Yasumatsu

#11741of 53,633
23.4Total CVSS
Vulnerabilities · 3
High
3
PT-2021-7067
7.8
2021-09-30
Linux · Linux Kernel · CVE-2021-41864
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.14.12 **Description** The issue is related to the `prealloc elems and freelist` function in `kernel/bpf/stackmap.c` and is associated with an integer overflow. This can allow unprivileged users to trigger an eBPF multiplication integer overflow, resulting in an out-of-bounds write. The vulnerability may permit an attacker to access confidential information or cause a denial of service. **Recommendations** For Linux kernel versions prior to 5.14.12, update to version 5.14.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the `prealloc elems and freelist` function in `kernel/bpf/stackmap.c` to minimize the risk of exploitation.
PT-2021-4242
7.8
2021-08-06
Linux · Linux Kernel · CVE-2021-38166
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.13.8 **Description** The issue is related to an integer overflow and out-of-bounds write in the kernel/bpf/hashtab.c component of the Linux kernel. This occurs when many elements are placed in a single bucket. Exploitation of this issue may allow an attacker to impact the integrity, availability, and confidentiality of data. It is noted that exploitation might be impractical without the CAP SYS ADMIN capability. **Recommendations** For Linux kernel versions through 5.13.8, update to a version later than 5.13.8 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.
PT-2022-21938
7.8
2021-04-07
U-Boot · U-Boot · CVE-2022-33967
**Name of the Vulnerable Software and Affected Versions** U-Boot versions from v2020.10-rc2 to v2022.07-rc5 **Description** The squashfs filesystem implementation in U-Boot contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. This can be triggered by loading a specially crafted squashfs image, potentially leading to a denial-of-service (DoS) condition or arbitrary code execution. **Recommendations** For U-Boot versions from v2020.10-rc2 to v2022.07-rc5, consider disabling the squashfs filesystem implementation until a patch is available to prevent potential exploitation. Restrict access to loading squashfs images to minimize the risk of arbitrary code execution or denial-of-service conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.