ALT-BU-2021-3894-1
Branch sisyphus update bulletin.
Package kernel-image-rt updated to version 4.19.189-alt1.rt78 for branch sisyphus in task 271271.
Closed vulnerabilities
BDU:2021-02182
Уязвимость компонента BPF JIT (arch/x86/net/bpf_jit_comp.c и arch/x86/net/bpf_jit_comp32.c.) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
BDU:2021-04260
Уязвимость функции xt_compat_target_from_user() (net/netfilter/x_tables.c) подсистемы netfilter операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2022-03028
Уязвимость функции llcp_sock_connect() операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2022-03139
Уязвимость функции llcp_sock_bind() протокола nfc ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-25670
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [oss-security] 20210511 CVE-2021-23134: Linux kernel: UAF in nfc sockets
- [oss-security] 20210511 CVE-2021-23134: Linux kernel: UAF in nfc sockets
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- FEDORA-2021-21360476b6
- FEDORA-2021-21360476b6
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-d56567bdab
- FEDORA-2021-d56567bdab
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- https://www.openwall.com/lists/oss-security/2020/11/01/1
Modified: 2024-11-21
CVE-2020-25671
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- FEDORA-2021-21360476b6
- FEDORA-2021-21360476b6
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-1c170a7c7c
- FEDORA-2021-d56567bdab
- FEDORA-2021-d56567bdab
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- https://www.openwall.com/lists/oss-security/2020/11/01/1
Modified: 2024-11-21
CVE-2021-22555
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
- http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
- http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
- http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
- https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
- https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
- https://security.netapp.com/advisory/ntap-20210805-0010/
- https://security.netapp.com/advisory/ntap-20210805-0010/
Modified: 2024-11-21
CVE-2021-29154
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- FEDORA-2021-e71c033f88
- FEDORA-2021-e71c033f88
- https://news.ycombinator.com/item?id=26757760
- https://news.ycombinator.com/item?id=26757760
- https://security.netapp.com/advisory/ntap-20210604-0006/
- https://security.netapp.com/advisory/ntap-20210604-0006/
- https://www.openwall.com/lists/oss-security/2021/04/08/1
- https://www.openwall.com/lists/oss-security/2021/04/08/1
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-31525
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.