ALT Linux Team

Branch p9 update on 2021-04-10

2021-04-10

ALT-BU-2021-3844-1

Branch p9 update bulletin.

ALT-PU-2021-1618-1

Package kernel-image-rpi-un updated to version 5.10.27-alt1 for branch p9 in task 269238.

Closed vulnerabilities

Published: 2021-03-10

BDU:2021-01688

Уязвимость функции rtw_wx_set_scan() (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-03-14

BDU:2021-01827

Уязвимость реализации функции vhost_vdpa_config_put() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-03-15

BDU:2021-04833

Уязвимость функции fastrpc_internal_invoke (drivers/misc/fastrpc.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольную команду управления

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-03-15
Modified: 2024-11-21

CVE-2021-28375

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-03-17
Modified: 2024-11-21

CVE-2021-28660

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-03-27
Modified: 2024-11-21

CVE-2021-29266

An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #39767

Собрать с поддержкой PPS

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top