ALT-BU-2021-3885-1
Branch p9 update bulletin.
Closed vulnerabilities
BDU:2021-01934
Уязвимость элемента управления TabStrip (панели вкладок) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01935
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01936
Уязвимость функции захват экрана (Screen Capture) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01937
Уязвимость элемента управления TabStrip (панели вкладок) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01938
Уязвимость расширения Aura браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01939
Уязвимость реализации технологии IPC браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2021-21194
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1181228
- https://crbug.com/1181228
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21195
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1182647
- https://crbug.com/1182647
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21196
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1175992
- https://crbug.com/1175992
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21197
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1173903
- https://crbug.com/1173903
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21198
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- http://packetstormsecurity.com/files/162973/Chrome-Legacy-ipc-Message-Passed-Via-Shared-Memory.html
- http://packetstormsecurity.com/files/162973/Chrome-Legacy-ipc-Message-Passed-Via-Shared-Memory.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1184399
- https://crbug.com/1184399
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21199
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1179635
- https://crbug.com/1179635
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Package kernel-image-std-pae updated to version 5.4.108-alt2 for branch p9 in task 268508.
Closed vulnerabilities
BDU:2015-05303
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05304
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05305
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05306
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05307
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05308
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05309
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05310
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05311
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05312
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05313
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05314
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05315
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации
BDU:2015-05542
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-05543
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2019-02194
Уязвимость механизма TCP Selective Acknowledgement ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-02195
Уязвимость механизма TCP Selective Acknowledgement ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-02196
Уязвимость ядра операционной системы Linux, вызванная ошибками при обработке сегментов минимального размера, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-04677
Уязвимость функции Coalesced_MMIO ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
BDU:2019-04798
Уязвимость функции add_ie_rates (drivers/net/wireless/marvell/libertas/cfg.c) драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2019-04799
Уязвимость функции mwifiex_process_country_ie() (drivers/net/wireless/marvell/mwifiex/sta_ioctl.c) драйвера Marvell WiFi ядра операционной системы Linux, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2019-04855
Уязвимость функции ext4_empty_dir (fs/ext4/namei.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00158
Уязвимость функции nfp_abm_u32_knode_replace() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00304
Уязвимость функции try_merge_free_space ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2020-00338
Уязвимость функции perf_trace_lock_acquire ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00347
Уязвимость функции debugfs_remove ядра операционной системы Linux, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
BDU:2020-00785
Уязвимость функции vc_do_resize ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2020-00786
Уязвимость функции vgacon_invert_region ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2020-00787
Уязвимость функции n_tty_receive_buf_common ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2020-00851
Уязвимость подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux, позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2020-00884
Уязвимость микропрограммного обеспечения процессоров Intel c Intel Processor Graphics, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2020-01488
Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
BDU:2020-01490
Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
BDU:2020-01796
Уязвимость функции lbs_ibss_join_existing (drivers/net/wireless/marvell/libertas/cfg.c) драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-02944
Уязвимость компонентов arch/powerpc/kernel/entry_64.S и arch/powerpc/kernel/security.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации
BDU:2020-03819
Уязвимость функции enable_sacf_uaccess ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05831
Уязвимость ядра операционной системы Linux, связанная с использованием памяти после её освобождения, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2020-05893
Уязвимость запроса гипервизора KVM KVM_GET_EMULATED_CPUID ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
BDU:2021-00471
Уязвимость драйвера VFIO PCI ядра операционной системы Linux, связанная с недостаточной обработкой исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-02587
Уязвимость драйверов drivers/target/target_core_xcopy.c ядра операционной системы Linux, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных
BDU:2021-02982
Уязвимость реализации системного вызова (/proc/pid/syscall) ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03394
Уязвимость компонента net/packet/af_packet.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
BDU:2021-03412
Уязвимость ядра операционной системы Linux, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2021-06410
Уязвимость компонента mm/mremap.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю повысить свои привилегии в системе
BDU:2022-05179
Уязвимость функции btrfs_queue_work ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2023-00700
Уязвимость функции vgacon_scrollback_cur() видеодрайвера ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2013-1798
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55
- openSUSE-SU-2013:0847
- openSUSE-SU-2013:0847
- openSUSE-SU-2013:0925
- openSUSE-SU-2013:0925
- openSUSE-SU-2013:1187
- openSUSE-SU-2013:1187
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
- RHSA-2013:0727
- RHSA-2013:0727
- RHSA-2013:0744
- RHSA-2013:0744
- RHSA-2013:0746
- RHSA-2013:0746
- RHSA-2013:0928
- RHSA-2013:0928
- RHSA-2013:1026
- RHSA-2013:1026
- MDVSA-2013:176
- MDVSA-2013:176
- [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
- [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
- USN-1809-1
- USN-1809-1
- USN-1812-1
- USN-1812-1
- USN-1813-1
- USN-1813-1
- https://bugzilla.redhat.com/show_bug.cgi?id=917017
- https://bugzilla.redhat.com/show_bug.cgi?id=917017
- https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55
- https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55
Modified: 2024-11-21
CVE-2019-11477
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en
- [oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues
- [oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- RHSA-2019:1594
- RHSA-2019:1594
- RHSA-2019:1602
- RHSA-2019:1602
- RHSA-2019:1699
- RHSA-2019:1699
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://support.f5.com/csp/article/K78234183
- https://support.f5.com/csp/article/K78234183
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- VU#905115
- VU#905115
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
Modified: 2024-11-21
CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
- http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- RHSA-2019:1594
- RHSA-2019:1594
- RHSA-2019:1602
- RHSA-2019:1602
- RHSA-2019:1699
- RHSA-2019:1699
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
- 20190722 [SECURITY] [DSA 4484-1] linux security update
- 20190722 [SECURITY] [DSA 4484-1] linux security update
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://support.f5.com/csp/article/K26618426
- https://support.f5.com/csp/article/K26618426
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- VU#905115
- VU#905115
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
Modified: 2024-11-21
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- 108818
- 108818
- RHSA-2019:1594
- RHSA-2019:1594
- RHSA-2019:1602
- RHSA-2019:1602
- RHSA-2019:1699
- RHSA-2019:1699
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://support.f5.com/csp/article/K35421172
- https://support.f5.com/csp/article/K35421172
- https://support.f5.com/csp/article/K35421172?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K35421172?utm_source=f5support&%3Butm_medium=RSS
- USN-4041-1
- USN-4041-1
- USN-4041-2
- USN-4041-2
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- VU#905115
- VU#905115
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- https://www.us-cert.gov/ics/advisories/icsma-20-170-06
- https://www.us-cert.gov/ics/advisories/icsma-20-170-06
Modified: 2024-11-21
CVE-2019-14615
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- 20200324 APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra
- 20200324 APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://support.apple.com/kb/HT211100
- https://support.apple.com/kb/HT211100
- USN-4253-1
- USN-4253-1
- USN-4253-2
- USN-4253-2
- USN-4254-1
- USN-4254-1
- USN-4254-2
- USN-4254-2
- USN-4255-1
- USN-4255-1
- USN-4255-2
- USN-4255-2
- USN-4284-1
- USN-4284-1
- USN-4285-1
- USN-4285-1
- USN-4286-1
- USN-4286-1
- USN-4286-2
- USN-4286-2
- USN-4287-1
- USN-4287-1
- USN-4287-2
- USN-4287-2
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html
Modified: 2024-11-21
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
- openSUSE-SU-2019:2308
- openSUSE-SU-2019:2308
- openSUSE-SU-2019:2307
- openSUSE-SU-2019:2307
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [oss-security] 20190920 CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- [oss-security] 20190920 CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- RHSA-2019:3309
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3517
- RHSA-2019:3978
- RHSA-2019:3978
- RHSA-2019:3979
- RHSA-2019:3979
- RHSA-2019:4154
- RHSA-2019:4154
- RHSA-2019:4256
- RHSA-2019:4256
- RHSA-2020:0027
- RHSA-2020:0027
- RHSA-2020:0204
- RHSA-2020:0204
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- FEDORA-2019-15e141c6a7
- FEDORA-2019-15e141c6a7
- FEDORA-2019-a570a92d5a
- FEDORA-2019-a570a92d5a
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://security.netapp.com/advisory/ntap-20191004-0001/
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2
- DSA-4531
- DSA-4531
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
Modified: 2024-11-21
CVE-2019-14895
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
- openSUSE-SU-2019:2675
- openSUSE-SU-2019:2675
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- RHSA-2020:0328
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0339
- RHSA-2020:0374
- RHSA-2020:0374
- RHSA-2020:0375
- RHSA-2020:0375
- RHSA-2020:0543
- RHSA-2020:0543
- RHSA-2020:0592
- RHSA-2020:0592
- RHSA-2020:0609
- RHSA-2020:0609
- RHSA-2020:0653
- RHSA-2020:0653
- RHSA-2020:0661
- RHSA-2020:0661
- RHSA-2020:0664
- RHSA-2020:0664
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-91f6e7bb71
- FEDORA-2019-91f6e7bb71
- USN-4225-1
- USN-4225-1
- USN-4225-2
- USN-4225-2
- USN-4226-1
- USN-4226-1
- USN-4227-1
- USN-4227-1
- USN-4227-2
- USN-4227-2
- USN-4228-1
- USN-4228-1
- USN-4228-2
- USN-4228-2
- https://www.openwall.com/lists/oss-security/2019/11/22/2
- https://www.openwall.com/lists/oss-security/2019/11/22/2
Modified: 2024-11-21
CVE-2019-14896
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-91f6e7bb71
- FEDORA-2019-91f6e7bb71
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4225-1
- USN-4225-1
- USN-4225-2
- USN-4225-2
- USN-4226-1
- USN-4226-1
- USN-4227-1
- USN-4227-1
- USN-4227-2
- USN-4227-2
- USN-4228-1
- USN-4228-1
- USN-4228-2
- USN-4228-2
Modified: 2024-11-21
CVE-2019-14897
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-91f6e7bb71
- FEDORA-2019-91f6e7bb71
- USN-4225-1
- USN-4225-1
- USN-4225-2
- USN-4225-2
- USN-4226-1
- USN-4226-1
- USN-4227-1
- USN-4227-1
- USN-4227-2
- USN-4227-2
- USN-4228-1
- USN-4228-1
- USN-4228-2
- USN-4228-2
Modified: 2024-11-21
CVE-2019-15030
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- http://www.openwall.com/lists/oss-security/2019/09/10/3
- http://www.openwall.com/lists/oss-security/2019/09/10/3
- RHSA-2020:0740
- RHSA-2020:0740
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://security.netapp.com/advisory/ntap-20191004-0001/
- USN-4135-1
- USN-4135-1
- USN-4135-2
- USN-4135-2
Modified: 2024-11-21
CVE-2019-15031
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- http://www.openwall.com/lists/oss-security/2019/09/10/4
- http://www.openwall.com/lists/oss-security/2019/09/10/4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://security.netapp.com/advisory/ntap-20191004-0001/
- USN-4135-1
- USN-4135-1
- USN-4135-2
- USN-4135-2
Modified: 2024-11-21
CVE-2019-18660
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
- openSUSE-SU-2019:2675
- openSUSE-SU-2019:2675
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [oss-security] 20191128 CVE-2019-18660: Linux kernel: powerpc: missing Spectre-RSB mitigation
- [oss-security] 20191128 CVE-2019-18660: Linux kernel: powerpc: missing Spectre-RSB mitigation
- RHSA-2020:0174
- RHSA-2020:0174
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad
- FEDORA-2019-b86a7bdba0
- FEDORA-2019-b86a7bdba0
- FEDORA-2019-124a241044
- FEDORA-2019-124a241044
- 20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
- 20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4225-1
- USN-4225-1
- USN-4225-2
- USN-4225-2
- USN-4226-1
- USN-4226-1
- USN-4227-1
- USN-4227-1
- USN-4227-2
- USN-4227-2
- USN-4228-1
- USN-4228-1
- USN-4228-2
- USN-4228-2
- https://www.openwall.com/lists/oss-security/2019/11/27/1
- https://www.openwall.com/lists/oss-security/2019/11/27/1
Modified: 2024-11-21
CVE-2019-19037
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://security.netapp.com/advisory/ntap-20191205-0001/
Modified: 2024-11-21
CVE-2019-19076
A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- https://git.kernel.org/linus/1d1997db870f4058676439ef7014390ba9e24eb2
- https://git.kernel.org/linus/1d1997db870f4058676439ef7014390ba9e24eb2
- https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca
- https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca
- https://lore.kernel.org/lkml/20191204103955.63c4d9af%40cakuba.netronome.com/
- https://lore.kernel.org/lkml/20191204103955.63c4d9af%40cakuba.netronome.com/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- USN-4209-1
- USN-4209-1
Modified: 2024-11-21
CVE-2019-19332
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/
- https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/
- https://security.netapp.com/advisory/ntap-20200204-0002/
- https://security.netapp.com/advisory/ntap-20200204-0002/
- USN-4254-1
- USN-4254-1
- USN-4254-2
- USN-4254-2
- USN-4258-1
- USN-4258-1
- USN-4284-1
- USN-4284-1
- USN-4287-1
- USN-4287-1
- USN-4287-2
- USN-4287-2
- https://www.openwall.com/lists/oss-security/2019/12/16/1
- https://www.openwall.com/lists/oss-security/2019/12/16/1
Modified: 2024-11-21
CVE-2019-19377
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4367-1
- USN-4367-1
- USN-4369-1
- USN-4369-1
- USN-4414-1
- USN-4414-1
Modified: 2024-11-21
CVE-2019-19448
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4578-1
- USN-4578-1
Modified: 2024-11-21
CVE-2019-19769
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
- https://bugzilla.kernel.org/show_bug.cgi?id=205705
- https://bugzilla.kernel.org/show_bug.cgi?id=205705
- FEDORA-2020-73c00eda1c
- FEDORA-2020-73c00eda1c
- FEDORA-2020-76966b3419
- FEDORA-2020-76966b3419
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4368-1
- USN-4368-1
- USN-4369-1
- USN-4369-1
Modified: 2024-11-21
CVE-2019-19770
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace
- openSUSE-SU-2020:0543
- openSUSE-SU-2020:0543
- https://bugzilla.kernel.org/show_bug.cgi?id=205713
- https://bugzilla.kernel.org/show_bug.cgi?id=205713
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/
- https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
Modified: 2024-11-21
CVE-2019-2308
User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
Modified: 2024-11-21
CVE-2019-3016
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
- [oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest
- [oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest
- https://bugzilla.redhat.com/show_bug.cgi?id=1792167
- https://bugzilla.redhat.com/show_bug.cgi?id=1792167
- https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7
- https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7
- https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e
- https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e
- https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589
- https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589
- https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e
- https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e
- https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796
- https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796
- https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini%40redhat.com/
- https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini%40redhat.com/
- https://security.netapp.com/advisory/ntap-20200313-0003/
- https://security.netapp.com/advisory/ntap-20200313-0003/
- USN-4300-1
- USN-4300-1
- USN-4301-1
- USN-4301-1
- DSA-4699
- DSA-4699
Modified: 2024-11-21
CVE-2020-10757
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
- openSUSE-SU-2020:0801
- Red Hat
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- FEDORA-2020-203ffedeb5
- https://security.netapp.com/advisory/ntap-20200702-0004/
- USN-4426-1
- USN-4439-1
- USN-4440-1
- USN-4483-1
- DSA-4698
- DSA-4699
- https://www.openwall.com/lists/oss-security/2020/06/04/4
- openSUSE-SU-2020:0801
- https://www.openwall.com/lists/oss-security/2020/06/04/4
- DSA-4699
- DSA-4698
- USN-4483-1
- USN-4440-1
- USN-4439-1
- USN-4426-1
- https://security.netapp.com/advisory/ntap-20200702-0004/
- FEDORA-2020-203ffedeb5
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9
- Red Hat
Modified: 2024-11-21
CVE-2020-11884
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f
- FEDORA-2020-b453269c4e
- FEDORA-2020-16f9239805
- FEDORA-2020-64d46a6e29
- https://security.netapp.com/advisory/ntap-20200608-0001/
- USN-4342-1
- USN-4343-1
- USN-4345-1
- DSA-4667
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000
- DSA-4667
- USN-4345-1
- USN-4343-1
- USN-4342-1
- https://security.netapp.com/advisory/ntap-20200608-0001/
- FEDORA-2020-64d46a6e29
- FEDORA-2020-16f9239805
- FEDORA-2020-b453269c4e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f
Modified: 2024-11-21
CVE-2020-12888
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
- openSUSE-SU-2020:0935
- openSUSE-SU-2020:1153
- [oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- FEDORA-2020-5436586091
- FEDORA-2020-57bf620276
- https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/
- https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/
- https://security.netapp.com/advisory/ntap-20200608-0001/
- USN-4525-1
- USN-4526-1
- openSUSE-SU-2020:0935
- USN-4526-1
- USN-4525-1
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/
- https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/
- FEDORA-2020-57bf620276
- FEDORA-2020-5436586091
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
- openSUSE-SU-2020:1153
Modified: 2024-11-21
CVE-2020-14331
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1858679
- https://bugzilla.redhat.com/show_bug.cgi?id=1858679
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- https://lists.openwall.net/linux-kernel/2020/07/29/234
- https://lists.openwall.net/linux-kernel/2020/07/29/234
- https://www.openwall.com/lists/oss-security/2020/07/28/2
- https://www.openwall.com/lists/oss-security/2020/07/28/2
Modified: 2024-11-21
CVE-2020-14386
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
- openSUSE-SU-2020:1655
- openSUSE-SU-2020:1655
- http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
- http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- FEDORA-2020-468121099e
- FEDORA-2020-468121099e
- https://seclists.org/oss-sec/2020/q3/146
- https://seclists.org/oss-sec/2020/q3/146
Modified: 2024-11-21
CVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
- https://bugzilla.redhat.com/show_bug.cgi?id=1888726
- https://bugzilla.redhat.com/show_bug.cgi?id=1888726
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update
- [debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update
- https://lkml.org/lkml/2020/10/16/84
- https://lkml.org/lkml/2020/10/16/84
- https://lkml.org/lkml/2020/10/29/528
- https://lkml.org/lkml/2020/10/29/528
- https://www.starwindsoftware.com/security/sw-20210325-0006/
- https://www.starwindsoftware.com/security/sw-20210325-0006/
Modified: 2024-11-21
CVE-2020-28374
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
- http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
- http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
- [oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
- [oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
- [oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
- [oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
- https://bugzilla.suse.com/attachment.cgi?id=844938
- https://bugzilla.suse.com/attachment.cgi?id=844938
- https://bugzilla.suse.com/show_bug.cgi?id=1178372
- https://bugzilla.suse.com/show_bug.cgi?id=1178372
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
- https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
- https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- FEDORA-2021-620fb40359
- FEDORA-2021-620fb40359
- FEDORA-2021-4a91649cf3
- FEDORA-2021-4a91649cf3
- FEDORA-2021-082e638d02
- FEDORA-2021-082e638d02
- https://security.netapp.com/advisory/ntap-20210219-0002/
- https://security.netapp.com/advisory/ntap-20210219-0002/
- DSA-4843
- DSA-4843
Modified: 2024-11-21
CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
Modified: 2024-11-21
CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
- [oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- [oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- [oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- [oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- ibm-i-cve20204788-info-disc (189296)
- ibm-i-cve20204788-info-disc (189296)
- FEDORA-2020-8c15928d23
- FEDORA-2020-8c15928d23
- FEDORA-2020-4700a73bd5
- FEDORA-2020-4700a73bd5
- https://www.ibm.com/support/pages/node/6370729
- https://www.ibm.com/support/pages/node/6370729
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2020-8647
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
- openSUSE-SU-2020:0388
- openSUSE-SU-2020:0388
- https://bugzilla.kernel.org/show_bug.cgi?id=206359
- https://bugzilla.kernel.org/show_bug.cgi?id=206359
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- DSA-4698
- DSA-4698
Modified: 2024-11-21
CVE-2020-8648
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- https://bugzilla.kernel.org/show_bug.cgi?id=206361
- https://bugzilla.kernel.org/show_bug.cgi?id=206361
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://security.netapp.com/advisory/ntap-20200924-0004/
- https://security.netapp.com/advisory/ntap-20200924-0004/
- USN-4342-1
- USN-4342-1
- USN-4344-1
- USN-4344-1
- USN-4345-1
- USN-4345-1
- USN-4346-1
- USN-4346-1
- DSA-4698
- DSA-4698
Modified: 2024-11-21
CVE-2020-8649
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
- openSUSE-SU-2020:0388
- openSUSE-SU-2020:0388
- https://bugzilla.kernel.org/show_bug.cgi?id=206357
- https://bugzilla.kernel.org/show_bug.cgi?id=206357
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- DSA-4698
- DSA-4698
Closed bugs
Консольный интерфейс wicd не запускается
Package pentaho-libxml updated to version 1.1.3-alt1_28jpp8 for branch p9 in task 270803.
Closed bugs
Насильно тащит java
Package chromium-gost updated to version 89.0.4389.114-alt0.p9.1 for branch p9 in task 270833.
Closed vulnerabilities
BDU:2021-00850
Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2021-00852
Уязвимость процесса GPU Process веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2021-00855
Уязвимость компонента Payments веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2021-01217
Уязвимость функции TabStrip браузера Google Chrome, связанная с ошибками криптографических преобразований, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-01219
Уязвимость интерфейса File System API браузера Google Chrome, связанная с ошибками разграничения доступа, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
BDU:2021-01220
Уязвимость интерфейса Network Internals браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-01221
Уязвимость реализации протокола HTTP браузера Google Chrome, связанная с неправильно реализованной проверкой безопасности для стандартных элементов, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
BDU:2021-01222
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
BDU:2021-01223
Уязвимость режима чтения браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-01225
Уязвимость компонента WebAudio браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-01236
Уязвимость библиотеки для кодирования и декодирования изображений OpenJPEG, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-01252
Уязвимость элемента управления пользовательской формы TabStrip веб-браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-01253
Уязвимость расширения WebRTC веб-браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-01254
Уязвимость элемента управления пользовательской формы TabStrip веб-браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-01255
Уязвимость браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-01256
Уязвимость компонента Audio браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-01257
Уязвимость компонента Audio браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-01258
Уязвимость компонента Bookmarks браузера Google Chrome, позволяющая нарушителю получить выполнить произвольный код
BDU:2021-01259
Уязвимость кэша приложения браузера Google Chrome, связанная с ошибками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-01260
Уязвимость пользовательского интерфейса браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-01262
Уязвимость функции изоляции сайтов браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
BDU:2021-01632
Уязвимость реализации расширения «Группы вкладок» браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01633
Уязвимость механизма отображения веб-страниц Blink браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-01687
Уязвимость компонента WebRTC браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01934
Уязвимость элемента управления TabStrip (панели вкладок) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01935
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01936
Уязвимость функции захват экрана (Screen Capture) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01937
Уязвимость элемента управления TabStrip (панели вкладок) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01938
Уязвимость расширения Aura браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2021-01939
Уязвимость реализации технологии IPC браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03642
Уязвимость расширений браузера Google Chrome, связанная с ошибками в настройках безопасности, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2021-03643
Уязвимость компонента URL браузера Google Chrome, связанная с ошибками в настройках безопасности, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-03644
Уязвимость механизма отображения веб-страниц Blink браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
BDU:2021-03645
Уязвимость функции Платежи браузера Google Chrome, связанная с недостатками процедуры аутентификации, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-03646
Уязвимость компонента PDFium браузера Google Chrome, связанная с использованием неинициализированного ресурса, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
BDU:2021-03647
Уязвимость компонента автодополнения Autofill браузера Google Chrome, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2021-03648
Уязвимость строки URL браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-03649
Уязвимость компонента Network Internals браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
BDU:2021-03650
Уязвимость функции поиска браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
BDU:2021-03655
Уязвимость полноэкранного режима браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-03656
Уязвимость компонента автодополнения Autofill браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2021-03657
Уязвимость навигации браузера Google Chrome, связанная с неправильной авторизацией, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-03658
Уязвимость API браузера Google Chrome, связанная с недостатками механизмов ограничения домена (Same Origin Policy), позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2021-04129
Уязвимость API браузера Google Chrome, связанная с недостатками механизмов ограничения домена (Same Origin Policy), позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2021-06084
Уязвимость функции QR-сканера браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения доступа
Modified: 2024-11-21
CVE-2020-27844
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1907521
- https://bugzilla.redhat.com/show_bug.cgi?id=1907521
- [debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update
- [debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update
- GLSA-202101-29
- GLSA-202101-29
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Modified: 2024-11-21
CVE-2021-21151
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
- https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
- https://crbug.com/1165624
- https://crbug.com/1165624
- FEDORA-2021-aa764a8531
- FEDORA-2021-aa764a8531
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21154
Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
- https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
- https://crbug.com/1173269
- https://crbug.com/1173269
- FEDORA-2021-aa764a8531
- FEDORA-2021-aa764a8531
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21156
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
- http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.html
- http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.html
- https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
- https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
- https://crbug.com/1177341
- https://crbug.com/1177341
- FEDORA-2021-aa764a8531
- FEDORA-2021-aa764a8531
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21159
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1171049
- https://crbug.com/1171049
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21160
Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1170531
- https://crbug.com/1170531
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1235
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1235
Modified: 2024-11-21
CVE-2021-21161
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1173702
- https://crbug.com/1173702
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21162
Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1172054
- https://crbug.com/1172054
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21163
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1111239
- https://crbug.com/1111239
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21164
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1164846
- https://crbug.com/1164846
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
Modified: 2024-11-21
CVE-2021-21165
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1174582
- https://crbug.com/1174582
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2025-02-04
CVE-2021-21166
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1177465
- https://crbug.com/1177465
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21167
Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1161144
- https://crbug.com/1161144
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21168
Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1152226
- https://crbug.com/1152226
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21169
Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1166138
- https://crbug.com/1166138
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21170
Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1111646
- https://crbug.com/1111646
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21171
Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1152894
- https://crbug.com/1152894
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21172
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1150810
- https://crbug.com/1150810
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21173
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1154250
- https://crbug.com/1154250
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21174
Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1158010
- https://crbug.com/1158010
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21175
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1146651
- https://crbug.com/1146651
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21176
Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1170584
- https://crbug.com/1170584
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21177
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1173879
- https://crbug.com/1173879
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21178
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1174186
- https://crbug.com/1174186
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21179
Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1174943
- https://crbug.com/1174943
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21180
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1175507
- https://crbug.com/1175507
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21181
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1182767
- https://crbug.com/1182767
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21182
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1049265
- https://crbug.com/1049265
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21183
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1105875
- https://crbug.com/1105875
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21184
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1131929
- https://crbug.com/1131929
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21185
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1100748
- https://crbug.com/1100748
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21186
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1153445
- https://crbug.com/1153445
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21187
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1155516
- https://crbug.com/1155516
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21188
Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1161739
- https://crbug.com/1161739
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21189
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1165392
- https://crbug.com/1165392
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21190
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1166091
- https://crbug.com/1166091
- FEDORA-2021-4740239e28
- FEDORA-2021-4740239e28
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-c88a96bd4b
- FEDORA-2021-78547312f2
- FEDORA-2021-78547312f2
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21191
Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
- https://crbug.com/1167357
- https://crbug.com/1167357
- FEDORA-2021-141d8640ce
- FEDORA-2021-141d8640ce
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21192
Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
- https://crbug.com/1181387
- https://crbug.com/1181387
- FEDORA-2021-141d8640ce
- FEDORA-2021-141d8640ce
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2025-02-05
CVE-2021-21193
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
- https://crbug.com/1186287
- https://crbug.com/1186287
- FEDORA-2021-141d8640ce
- FEDORA-2021-141d8640ce
- GLSA-202104-08
- GLSA-202104-08
- DSA-4886
- DSA-4886
Modified: 2024-11-21
CVE-2021-21194
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1181228
- https://crbug.com/1181228
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21195
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1182647
- https://crbug.com/1182647
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21196
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1175992
- https://crbug.com/1175992
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21197
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1173903
- https://crbug.com/1173903
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21198
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- http://packetstormsecurity.com/files/162973/Chrome-Legacy-ipc-Message-Passed-Via-Shared-Memory.html
- http://packetstormsecurity.com/files/162973/Chrome-Legacy-ipc-Message-Passed-Via-Shared-Memory.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1184399
- https://crbug.com/1184399
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21199
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
- https://crbug.com/1179635
- https://crbug.com/1179635
- FEDORA-2021-ff893e12c5
- FEDORA-2021-ff893e12c5
- FEDORA-2021-35d2bb4627
- FEDORA-2021-35d2bb4627
- FEDORA-2021-c3754414e7
- FEDORA-2021-c3754414e7
- GLSA-202104-08
- GLSA-202104-08
Modified: 2024-11-21
CVE-2021-21200
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)