Errata ALT-PU-2021-3073-1: Information
Fixes
Published: July 20, 2021
BDU:2021-03848
Уязвимость компонента fs/seq_file.c ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 21, 2021
BDU:2021-04027
Уязвимость функции hso_free_net_device драйвера /net/usb/hso.c ядра операционной системы Linux, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность
Severity: MEDIUM (6.4) Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 26, 2021
BDU:2021-04028
Уязвимость функции rtas_args.nargs драйвера arch/powerpc/kvm/book3s_rtas.c ядра операционной системы Linux, позволяющая нарушителю вызвать повреждение памяти операционной системы хоста
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 20, 2021
BDU:2021-04561
Уязвимость ядра операционной системы Linux, связанная с ошибками инициализации памяти, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 25, 2021
BDU:2021-04710
Уязвимость функции strlen компонента fs/nfsd/trace.h ядра операционной системы Linux, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 9, 2021
BDU:2021-04711
Уязвимость функции xdr_set_page_base компонента net/sunrpc/xdr.c ядра операционной системы Linux, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 4, 2021
BDU:2021-04825
Уязвимость функции bpf_ringbuf_reserve() ядра операционной системы Linux , связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код в контексте ядра
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 2, 2021
BDU:2021-04840
Уязвимость ядра операционной системы Linux , связанная с раскрытием информации через несоответствие, позволяющая нарушителю прочитать часть памяти ядра
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: June 4, 2021
BDU:2021-04842
Уязвимость подсистемы eBPF ядра операционной системы Linux , связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код в контексте ядра
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 2, 2021
BDU:2021-04845
Уязвимость ядра операционной системы Linux , связанная с раскрытием информации через несоответствие, позволяющая нарушителю получить конфиденциальную информацию
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Aug. 7, 2021
BDU:2021-04848
Уязвимость драйвера drivers/char/virtio_console.c ядра операционной системы Linux, позволяющая нарушителю вызвать повреждение стека
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 7, 2021
BDU:2021-04849
Уязвимость компонента kernel/bpf/hashtab.c ядра операционной системы Linux , связанная с записью за границами буфера в памяти, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2021
BDU:2021-04851
Уязвимость компонента drivers/usb/host/max3421-hcd.c ядра операционной системы Linux , связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.8) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2021
BDU:2021-04852
Уязвимость компонента drivers/net/ethernet/xilinx/xilinx_emaclite.c ядра операционной системы Linux, позволяющая нарушителю взломать механизм защиты ASLR
Severity: LOW (3.3) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Links:
Published: Sept. 3, 2021
BDU:2021-04853
Уязвимость функции ext4_write_inline_data_end (fs/ext4/inline.c) ядра операционной системы Linux, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2021
BDU:2021-04864
Уязвимость реализации btrfs операционной системы Linux связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Aug. 20, 2021
BDU:2021-05536
Уязвимость реализации функции check_map_func_compatibility() ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (8.8) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
Published: May 29, 2021
BDU:2022-00595
Уязвимость реализации протокола IPv6 ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Sept. 28, 2021
BDU:2022-00682
Уязвимость подсистемы виртуализации KVM ядра операционной системы Linux, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 11, 2021
BDU:2022-00789
Уязвимость функции rtsx_usb_ms_drv_remove компонента memstick ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность информации
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 17, 2021
BDU:2022-02696
Уязвимость функции copy_page_to_iter() ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Sept. 9, 2022
BDU:2022-05655
Уязвимость драйвера vmwgfx (drivers/gpu/vmxgfx/vmxgfx_kms.c) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
Links:
Published: July 14, 2021
BDU:2022-05676
Уязвимость функции cgroup1_parse_param компонента kernel/cgroup/cgroup-v1.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Aug. 13, 2021
BDU:2022-05781
Уязвимость функции decode_data компонента drivers/net/hamradio/6pack.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 7, 2022
BDU:2022-06017
Уязвимость реализации функции take_rmap_locks() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.7) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: March 23, 2023
BDU:2023-01796
Уязвимость функции seq_buf_putmem_hex() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 20, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-33909
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
- https://www.openwall.com/lists/oss-security/2021/07/20/1
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update
- DSA-4941
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- [oss-security] 20210722 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
- http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html
- https://security.netapp.com/advisory/ntap-20210819-0004/
- [oss-security] 20210825 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
- FEDORA-2021-07dc0b3eb1
Published: Aug. 2, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-34556
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
- http://www.openwall.com/lists/oss-security/2021/08/01/3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- FEDORA-2021-4d4d3866ca
- FEDORA-2021-54ee631709
Published: Jan. 25, 2022
Modified: March 1, 2023
Modified: March 1, 2023
CVE-2021-34866
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 4, 2021
Modified: Sept. 14, 2021
Modified: Sept. 14, 2021
CVE-2021-3489
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.zerodayinitiative.com/advisories/ZDI-21-590/
- https://ubuntu.com/security/notices/USN-4949-1
- https://ubuntu.com/security/notices/USN-4950-1
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea
- [oss-security] CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation
- https://security.netapp.com/advisory/ntap-20210716-0004/
Published: June 4, 2021
Modified: Sept. 14, 2021
Modified: Sept. 14, 2021
CVE-2021-3490
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://ubuntu.com/security/notices/USN-4949-1
- https://www.zerodayinitiative.com/advisories/ZDI-21-606/
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e
- https://ubuntu.com/security/notices/USN-4950-1
- [oss-security] CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking
- https://security.netapp.com/advisory/ntap-20210716-0004/
- http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html
Published: Aug. 2, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-35477
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
- https://www.openwall.com/lists/oss-security/2021/08/01/3
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- FEDORA-2021-4d4d3866ca
- FEDORA-2021-54ee631709
Published: Sept. 29, 2021
Modified: May 16, 2023
Modified: May 16, 2023
CVE-2021-3653
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
- https://www.openwall.com/lists/oss-security/2021/08/16/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1983686
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
Published: July 21, 2021
Modified: March 25, 2024
Modified: March 25, 2024
CVE-2021-37159
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
Severity: MEDIUM (6.4) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.spinics.net/lists/linux-usb/msg202228.html
- https://security.netapp.com/advisory/ntap-20210819-0003/
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6ecfb39ba9d7316057cea823b196b734f6b18ca
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dcb713d53e2eadf42b878c12a471e74dc6ed3145
- https://bugzilla.suse.com/show_bug.cgi?id=1188601
Published: July 27, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-37576
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a
- [oss-security] 20210727 Re: Linux kernel: powerpc: KVM guest to host memory corruption
- https://security.netapp.com/advisory/ntap-20210917-0005/
- DSA-4978
- https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u
- FEDORA-2021-817b3d47d2
- FEDORA-2021-12618d9b08
Published: Feb. 16, 2022
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 7, 2021
Modified: May 17, 2024
Modified: May 17, 2024
CVE-2021-38160
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46
- https://access.redhat.com/security/cve/cve-2021-38160
- https://security.netapp.com/advisory/ntap-20210902-0010/
- DSA-4978
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
Published: Aug. 7, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-38166
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2021
Modified: Dec. 21, 2021
Modified: Dec. 21, 2021
CVE-2021-38199
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c
- https://security.netapp.com/advisory/ntap-20210902-0010/
- DSA-4978
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
Published: Aug. 8, 2021
Modified: April 23, 2024
Modified: April 23, 2024
CVE-2021-38201
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Aug. 8, 2021
Modified: Oct. 7, 2021
Modified: Oct. 7, 2021
CVE-2021-38202
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Aug. 8, 2021
Modified: May 3, 2022
Modified: May 3, 2022
CVE-2021-38203
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Aug. 8, 2021
Modified: Jan. 4, 2022
Modified: Jan. 4, 2022
CVE-2021-38204
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2021
Modified: Jan. 4, 2022
Modified: Jan. 4, 2022
CVE-2021-38205
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Links:
Published: Sept. 3, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-40490
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa
- DSA-4978
- https://security.netapp.com/advisory/ntap-20211004-0001/
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
- FEDORA-2021-4ca1b080bb
- FEDORA-2021-60f1d2eba1
Published: Feb. 5, 2022
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2021-4154
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=2034514
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b
- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002
- https://security.netapp.com/advisory/ntap-20220225-0004/
Published: Oct. 5, 2021
Modified: May 12, 2023
Modified: May 12, 2023
CVE-2021-42008
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19d1532a187669ce86d5a2696eb7275310070793
- https://www.youtube.com/watch?v=d5f9xLK8Vhw
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13
- https://security.netapp.com/advisory/ntap-20211104-0002/
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
Published: Dec. 25, 2021
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2021-45485
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://arxiv.org/pdf/2112.09604.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99
- https://security.netapp.com/advisory/ntap-20220121-0001/
- https://www.oracle.com/security-alerts/cpujul2022.html
Published: Feb. 5, 2022
Modified: April 30, 2022
Modified: April 30, 2022
CVE-2022-0487
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=2044561
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- DSA-5096
- DSA-5095
Published: Aug. 29, 2022
Modified: Oct. 5, 2023
Modified: Oct. 5, 2023
CVE-2022-0850
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Aug. 29, 2022
Modified: Feb. 2, 2023
Modified: Feb. 2, 2023
CVE-2022-1043
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/a30f895ad3239f45012e860d4f94c1a388b36d14
- https://bugzilla.redhat.com/show_bug.cgi?id=1997328
- https://www.zerodayinitiative.com/advisories/ZDI-22-362/
- https://access.redhat.com/security/cve/CVE-2022-1043
- http://packetstormsecurity.com/files/170834/io_uring-Same-Type-Object-Reuse-Privilege-Escalation.html
Published: Sept. 9, 2022
Modified: May 3, 2023
Modified: May 3, 2023
CVE-2022-36280
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 21, 2022
Modified: July 21, 2023
Modified: July 21, 2023
CVE-2022-41222
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2
- http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- https://security.netapp.com/advisory/ntap-20230214-0008/
- http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html
Published: March 23, 2023
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2023-28772
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7
- https://security.netapp.com/advisory/ntap-20230427-0005/
- https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/
- https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com