CVE entries added to our database this week

Pavel Machek


I tried to get a list of new CVE entries that are not yet in our
databases... and this is the result.

Many of the issues are pretty old, and I'm not sure how to search for
patches fixing each issue, so this may not be too useful.

Best regards,

* 2021-06-01

CVE-2005-3660 -- 0 -- DoS with memory consumed by file descriptors.
CVE-2007-3719 -- 0 -- DoS with process scheduler.
CVE-2008-2544 -- /proc is surprisingly rw
CVE-2008-4609 -- cross platform TCP DoS.
CVE-2010-4563 -- allows detection of tcpdump / sniffing
CVE-2010-5321 -- 1 -- old DoS in video4linux
CVE-2011-4917 -- "Minor info leak, unlikely to be fixed upstream"
CVE-2012-4542 -- 1 -- scsi SG IO ioctl allows surprising access
CVE-2015-2877 -- 0 -- samepage merging may break ASLR
CVE-2020-0347 -- 2 -- iptables bounds check
CVE-2020-26555 CVE-2020-26558 -- BR/EDR pin code pairing broken
CVE-2020-26556 CVE-2020-26557 CVE-2020-26559 CVE-2020-26560 -- bluetooth mesh
CVE-2021-22543 -- KVM memory not read only

CVE-2015-1350 -- 3 -- DoS allowing unprivileged users to remove capabilities, sounds nasty?
CVE-2015-8952 -- DoS on ext2/4 + ceph + samba
CVE-2016-5728 -- 3 -- drivers/misc/mic/vop/vop_vringh.c in the MIC VOP
CVE-2018-9465 -- binder use after free (from 2018?)
CVE-2019-2025 -- binder use after free
CVE-2020-0435 -- Bad candidate number.

DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
