ALT-BU-2021-3814-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2022-00206
Уязвимость расширения key_share библиотеки безопасности транспортного уровня GnuTLS, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-00220
Уязвимость функции client_send_params компонента lib/ext/pre_shared_key.c библиотеки безопасности транспортного уровня GnuTLS, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
- https://bugzilla.redhat.com/show_bug.cgi?id=1922276
- https://bugzilla.redhat.com/show_bug.cgi?id=1922276
- [spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- FEDORA-2021-18bef34f05
- FEDORA-2021-18bef34f05
- https://security.netapp.com/advisory/ntap-20210416-0005/
- https://security.netapp.com/advisory/ntap-20210416-0005/
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
Modified: 2024-11-21
CVE-2021-20232
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
- https://bugzilla.redhat.com/show_bug.cgi?id=1922275
- https://bugzilla.redhat.com/show_bug.cgi?id=1922275
- [spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- [spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
- FEDORA-2021-18bef34f05
- FEDORA-2021-18bef34f05
- https://security.netapp.com/advisory/ntap-20210416-0005/
- https://security.netapp.com/advisory/ntap-20210416-0005/
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
Package kernel-image-std-debug updated to version 5.4.107-alt1 for branch sisyphus in task 268218.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-2308
User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
Package kernel-image-std-pae updated to version 5.4.107-alt1 for branch sisyphus in task 268228.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-2308
User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
Package kernel-image-std-def updated to version 5.4.107-alt1 for branch sisyphus in task 268224.
Closed vulnerabilities
BDU:2021-01688
Уязвимость функции rtw_wx_set_scan() (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-04833
Уязвимость функции fastrpc_internal_invoke (drivers/misc/fastrpc.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольную команду управления
Modified: 2024-11-21
CVE-2019-2308
User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
Modified: 2024-11-21
CVE-2021-28375
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
- https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6
- https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6
- FEDORA-2021-90083c9c0f
- FEDORA-2021-90083c9c0f
- FEDORA-2021-bb755ed5e3
- FEDORA-2021-bb755ed5e3
- FEDORA-2021-14f6642aa6
- FEDORA-2021-14f6642aa6
- https://lore.kernel.org/stable/YD03ew7+6v0XPh6l%40kroah.com/
- https://lore.kernel.org/stable/YD03ew7+6v0XPh6l%40kroah.com/
- https://security.netapp.com/advisory/ntap-20210401-0003/
- https://security.netapp.com/advisory/ntap-20210401-0003/
Modified: 2024-11-21
CVE-2021-28660
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
- [oss-security] 20221118 Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c
- [oss-security] 20221118 Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c
- [oss-security] 20221121 Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c
- [oss-security] 20221121 Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- FEDORA-2021-bb755ed5e3
- FEDORA-2021-bb755ed5e3
- https://security.netapp.com/advisory/ntap-20210507-0008/
- https://security.netapp.com/advisory/ntap-20210507-0008/
Package kernel-image-un-def updated to version 5.11.8-alt1 for branch sisyphus in task 268233.
Closed vulnerabilities
BDU:2021-01865
Уязвимость файла kernel/bpf/verifier.c ядра операционной системы Linux, позволяющая нарушителю получить получить несанкционированный доступ к защищаемой информации
BDU:2021-01874
Уязвимость файла kernel/bpf/verifier.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-01875
Уязвимость файла fs/fuse/fuse_i.h ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-27170
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- [oss-security] 20210324 Re: [CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged local users to leak content of kernel memory
- [oss-security] 20210324 Re: [CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged local users to leak content of kernel memory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- FEDORA-2021-e49da8a226
- FEDORA-2021-e49da8a226
- FEDORA-2021-f0181b8085
- FEDORA-2021-f0181b8085
- FEDORA-2021-9503fffad9
- FEDORA-2021-9503fffad9
- https://www.openwall.com/lists/oss-security/2021/03/19/2
- https://www.openwall.com/lists/oss-security/2021/03/19/2
Modified: 2024-11-21
CVE-2020-27171
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- [oss-security] 20210324 Re: [CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak content of kernel memory
- [oss-security] 20210324 Re: [CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak content of kernel memory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=10d2bb2e6b1d8c4576c56a748f697dbeb8388899
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=10d2bb2e6b1d8c4576c56a748f697dbeb8388899
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- FEDORA-2021-e49da8a226
- FEDORA-2021-e49da8a226
- FEDORA-2021-f0181b8085
- FEDORA-2021-f0181b8085
- FEDORA-2021-9503fffad9
- FEDORA-2021-9503fffad9
- https://www.openwall.com/lists/oss-security/2021/03/19/3
- https://www.openwall.com/lists/oss-security/2021/03/19/3
Modified: 2024-11-21
CVE-2021-28950
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=775c5033a0d164622d9d10dd0f0a5531639ed3ed
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=775c5033a0d164622d9d10dd0f0a5531639ed3ed
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- FEDORA-2021-e49da8a226
- FEDORA-2021-e49da8a226
- FEDORA-2021-f0181b8085
- FEDORA-2021-f0181b8085
- DSA-5096
- DSA-5096