Vulnerabilities

In order to inform, warn and help professionals about the latest security vulnerabilities in technology systems, we make available to interested users a database with information in Spanish on each of the latest documented and known vulnerabilities.

This repository, with more than 75,000 records, is based on information from the NVD (https://nvd.nist.gov/) (National Vulnerability Database), under a collaboration agreement by which INCIBE translates the included information into Spanish. At times this list will show vulnerabilities that have not yet been translated, because they are collected during the time the INCIBE team takes to carry out the translation process.

The CVE (https://cve.mitre.org/) (Common Vulnerabilities and Exposures) vulnerability naming standard is used to facilitate the exchange of information between different databases and tools. Each vulnerability listed links to various information sources as well as to available patches or solutions provided by vendors and developers. Advanced searches are possible, with the option of selecting different criteria such as vulnerability type, vendor and impact type, among others, in order to narrow the results.

Through the RSS subscription (https://www.incibe.es/feed/vulnerabilities) or Newsletters (https://www.incibe.es//incibe/suscripciones) we can be informed daily of the latest vulnerabilities added to the repository.

CVE-2021-47025

Publication date: 28/02/2024
Language: English
*** Pending translation *** In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: Always enable the clk on resume

In mtk_iommu_runtime_resume always enable the clk, even if m4u_dom is null. Otherwise the 'suspend' cb might disable the clk which is already disabled causing the warning:

    [ 1.586104] infra_m4u already disabled
    [ 1.586133] WARNING: CPU: 0 PID: 121 at drivers/clk/clk.c:952 clk_core_disable+0xb0/0xb8
    [ 1.594391] mtk-iommu 10205000.iommu: bound 18001000.larb (ops mtk_smi_larb_component_ops)
    [ 1.598108] Modules linked in:
    [ 1.598114] CPU: 0 PID: 121 Comm: kworker/0:2 Not tainted 5.12.0-rc5 #69
    [ 1.609246] mtk-iommu 10205000.iommu: bound 14027000.larb (ops mtk_smi_larb_component_ops)
    [ 1.617487] Hardware name: Google Elm (DT)
    [ 1.617491] Workqueue: pm pm_runtime_work
    [ 1.620545] mtk-iommu 10205000.iommu: bound 19001000.larb (ops mtk_smi_larb_component_ops)

    [ 1.627229] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)
    [ 1.659297] pc : clk_core_disable+0xb0/0xb8
    [ 1.663475] lr : clk_core_disable+0xb0/0xb8
    [ 1.667652] sp : ffff800011b9bbe0
    [ 1.750572] Call trace:
    [ 1.753010] clk_core_disable+0xb0/0xb8
    [ 1.756840] clk_core_disable_lock+0x24/0x40
    [ 1.761105] clk_disable+0x20/0x30
    [ 1.764501] mtk_iommu_runtime_suspend+0x88/0xa8
    [ 1.769114] pm_generic_runtime_suspend+0x2c/0x48
    [ 1.773815] __rpm_callback+0xe0/0x178
    [ 1.777559] rpm_callback+0x24/0x88
    [ 1.781041] rpm_suspend+0xdc/0x470
    [ 1.784523] rpm_idle+0x12c/0x170
    [ 1.787831] pm_runtime_work+0xa8/0xc0
    [ 1.791573] process_one_work+0x1e8/0x360
    [ 1.795580] worker_thread+0x44/0x478
    [ 1.799237] kthread+0x150/0x158
    [ 1.802460] ret_from_fork+0x10/0x30
    [ 1.806034] ---[ end trace 82402920ef64573b ]---
    [ 1.810728] ------------[ cut here ]------------

In addition, we now don't need to enable the clock from the function mtk_iommu_hw_init since it is already enabled by the resume.
Severity: Pending analysis
Last modified: 28/02/2024

CVE-2021-47026

Publication date: 28/02/2024
Language: English
*** Pending translation *** In the Linux kernel, the following vulnerability has been resolved:

RDMA/rtrs-clt: destroy sysfs after removing session from active list

A session can be removed dynamically by sysfs interface "remove_path" that eventually calls rtrs_clt_remove_path_from_sysfs function. The current rtrs_clt_remove_path_from_sysfs first removes the sysfs interfaces and frees sess->stats object. Second it removes the session from the active list.

Therefore some functions could access non-connected session and access the freed sess->stats object even if they check the session status before accessing the session.

For instance rtrs_clt_request and get_next_path_min_inflight check the session status and try to send IO to the session. The session status could be changed when they are trying to send IO but they could not catch the change and update the statistics information in sess->stats object, and generate use-after-free problem.
(see: "RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats")

This patch changes the rtrs_clt_remove_path_from_sysfs to remove the session from the active session list and then destroy the sysfs interfaces.

Each function still should check the session status because closing or error recovery paths can change the status.
Severity: Pending analysis
Last modified: 28/02/2024

CVE-2021-47027

Publication date: 28/02/2024
Language: English
*** Pending translation *** In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7921: fix kernel crash when the firmware fails to download

Fix kernel crash when the firmware is missing or fails to download.

    [ 9.444758] kernel BUG at drivers/pci/msi.c:375!
    [ 9.449363] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
    [ 9.501033] pstate: a0400009 (NzCv daif +PAN -UAO)
    [ 9.505814] pc : free_msi_irqs+0x180/0x184
    [ 9.509897] lr : free_msi_irqs+0x40/0x184
    [ 9.513893] sp : ffffffc015193870
    [ 9.596660] Call trace:
    [ 9.599095] free_msi_irqs+0x180/0x184
    [ 9.602831] pci_disable_msi+0x100/0x130
    [ 9.606740] pci_free_irq_vectors+0x24/0x30
    [ 9.610915] mt7921_pci_probe+0xbc/0x250 [mt7921e]
    [ 9.615693] pci_device_probe+0xd4/0x14c
    [ 9.619604] really_probe+0x134/0x2ec
    [ 9.623252] driver_probe_device+0x64/0xfc
    [ 9.627335] device_driver_attach+0x4c/0x6c
    [ 9.631506] __driver_attach+0xac/0xc0
    [ 9.635243] bus_for_each_dev+0x8c/0xd4
    [ 9.639066] driver_attach+0x2c/0x38
    [ 9.642628] bus_add_driver+0xfc/0x1d0
    [ 9.646365] driver_register+0x64/0xf8
    [ 9.650101] __pci_register_driver+0x6c/0x7c
    [ 9.654360] init_module+0x28/0xfdc [mt7921e]
    [ 9.658704] do_one_initcall+0x13c/0x2d0
    [ 9.662615] do_init_module+0x58/0x1e8
    [ 9.666351] load_module+0xd80/0xeb4
    [ 9.669912] __arm64_sys_finit_module+0xa8/0xe0
    [ 9.674430] el0_svc_common+0xa4/0x16c
    [ 9.678168] el0_svc_compat_handler+0x2c/0x40
    [ 9.682511] el0_svc_compat+0x8/0x10
    [ 9.686076] Code: a94257f6 f9400bf7 a8c47bfd d65f03c0 (d4210000)
    [ 9.692155] ---[ end trace 7621f966afbf0a29 ]---
    [ 9.697385] Kernel panic - not syncing: Fatal exception
    [ 9.702599] SMP: stopping secondary CPUs
    [ 9.706549] Kernel Offset: 0x1c03600000 from 0xffffffc010000000
    [ 9.712456] PHYS_OFFSET: 0xfffffff440000000
    [ 9.716625] CPU features: 0x080026,2a80aa18
    [ 9.720795] Memory Limit: none
Severity: Pending analysis
Last modified: 28/02/2024

CVE-2021-47029

Publication date: 28/02/2024
Language: English
*** Pending translation *** In the Linux kernel, the following vulnerability has been resolved:

mt76: connac: fix kernel warning adding monitor interface

Fix the following kernel warning adding a monitor interface in mt76_connac_mcu_uni_add_dev routine.

    [ 507.984882] ------------[ cut here ]------------
    [ 507.989515] WARNING: CPU: 1 PID: 3017 at mt76_connac_mcu_uni_add_dev+0x178/0x190 [mt76_connac_lib]
    [ 508.059379] CPU: 1 PID: 3017 Comm: ifconfig Not tainted 5.4.98 #0
    [ 508.065461] Hardware name: MT7622_MT7531 RFB (DT)
    [ 508.070156] pstate: 80000005 (Nzcv daif -PAN -UAO)
    [ 508.074939] pc : mt76_connac_mcu_uni_add_dev+0x178/0x190 [mt76_connac_lib]
    [ 508.081806] lr : mt7921_eeprom_init+0x1288/0x1cb8 [mt7921e]
    [ 508.087367] sp : ffffffc013a33930
    [ 508.170200] Call trace:
    [ 508.172640] mt76_connac_mcu_uni_add_dev+0x178/0x190 [mt76_connac_lib]
    [ 508.179159] mt7921_eeprom_init+0x1288/0x1cb8 [mt7921e]
    [ 508.184394] drv_add_interface+0x34/0x88 [mac80211]
    [ 508.189271] ieee80211_add_virtual_monitor+0xe0/0xb48 [mac80211]
    [ 508.195277] ieee80211_do_open+0x86c/0x918 [mac80211]
    [ 508.200328] ieee80211_do_open+0x900/0x918 [mac80211]
    [ 508.205372] __dev_open+0xcc/0x150
    [ 508.208763] __dev_change_flags+0x134/0x198
    [ 508.212937] dev_change_flags+0x20/0x60
    [ 508.216764] devinet_ioctl+0x3e8/0x748
    [ 508.220503] inet_ioctl+0x1e4/0x350
    [ 508.223983] sock_do_ioctl+0x48/0x2a0
    [ 508.227635] sock_ioctl+0x310/0x4f8
    [ 508.231116] do_vfs_ioctl+0xa4/0xac0
    [ 508.234681] ksys_ioctl+0x44/0x90
    [ 508.237985] __arm64_sys_ioctl+0x1c/0x48
    [ 508.241901] el0_svc_common.constprop.1+0x7c/0x100
    [ 508.246681] el0_svc_handler+0x18/0x20
    [ 508.250421] el0_svc+0x8/0x1c8
    [ 508.253465] ---[ end trace c7b90fee13d72c39 ]---
    [ 508.261278] ------------[ cut here ]------------
Severity: Pending analysis
Last modified: 28/02/2024

CVE-2021-47034

Publication date: 28/02/2024
Language: English
*** Pending translation *** In the Linux kernel, the following vulnerability has been resolved:

powerpc/64s: Fix pte update for kernel memory on radix

When adding a PTE a ptesync is needed to order the update of the PTE with subsequent accesses otherwise a spurious fault may be raised.

radix__set_pte_at() does not do this for performance gains. For non-kernel memory this is not an issue as any faults of this kind are corrected by the page fault handler. For kernel memory these faults are not handled. The current solution is that there is a ptesync in flush_cache_vmap() which should be called when mapping from the vmalloc region.

However, map_kernel_page() does not call flush_cache_vmap(). This is troublesome in particular for code patching with Strict RWX on radix. In do_patch_instruction() the page frame that contains the instruction to be patched is mapped and then immediately patched. With no ordering or synchronization between setting up the PTE and writing to the page it is possible for faults.

As the code patching is done using __put_user_asm_goto() the resulting fault is obscured - but using a normal store instead it can be seen:

    BUG: Unable to handle kernel data access on write at 0xc008000008f24a3c
    Faulting instruction address: 0xc00000000008bd74
    Oops: Kernel access of bad area, sig: 11 [#1]
    LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV
    Modules linked in: nop_module(PO+) [last unloaded: nop_module]
    CPU: 4 PID: 757 Comm: sh Tainted: P O 5.10.0-rc5-01361-ge3c1b78c8440-dirty #43
    NIP: c00000000008bd74 LR: c00000000008bd50 CTR: c000000000025810
    REGS: c000000016f634a0 TRAP: 0300 Tainted: P O (5.10.0-rc5-01361-ge3c1b78c8440-dirty)
    MSR: 9000000000009033 CR: 44002884 XER: 00000000
    CFAR: c00000000007c68c DAR: c008000008f24a3c DSISR: 42000000 IRQMASK: 1

This results in the kind of issue reported here:
https://lore.kernel.org/linuxppc-dev/15AC5B0E-A221-4B8C-9039-FA96B8EF7C88@lca.pw/

Chris Riedl suggested a reliable way to reproduce the issue:

    $ mount -t debugfs none /sys/kernel/debug
    $ (while true; do echo function > /sys/kernel/debug/tracing/current_tracer ; echo nop > /sys/kernel/debug/tracing/current_tracer ; done) &

Turning ftrace on and off does a large amount of code patching which in usually less than 5min will crash giving a trace like:

    ftrace-powerpc: (____ptrval____): replaced (4b473b11) != old (60000000)
    ------------[ ftrace bug ]------------
    ftrace failed to modify
    [] napi_busy_loop+0xc/0x390
    actual: 11:3b:47:4b
    Setting ftrace call site to call ftrace function
    ftrace record flags: 80000001
    (1)
    expected tramp: c00000000006c96c
    ------------[ cut here ]------------
    WARNING: CPU: 4 PID: 809 at kernel/trace/ftrace.c:2065 ftrace_bug+0x28c/0x2e8
    Modules linked in: nop_module(PO-) [last unloaded: nop_module]
    CPU: 4 PID: 809 Comm: sh Tainted: P O 5.10.0-rc5-01360-gf878ccaf250a #1
    NIP: c00000000024f334 LR: c00000000024f330 CTR: c0000000001a5af0
    REGS: c000000004c8b760 TRAP: 0700 Tainted: P O (5.10.0-rc5-01360-gf878ccaf250a)
    MSR: 900000000282b033 CR: 28008848 XER: 20040000
    CFAR: c0000000001a9c98 IRQMASK: 0
    NIP ftrace_bug+0x28c/0x2e8
    LR ftrace_bug+0x288/0x2e8
    Call T
    ---truncated---
Severity: Pending analysis
Last modified: 28/02/2024
