ALT-PU-2021-1093-1
Package kernel-image-rpi-def updated to version 5.4.83-alt1 for branch sisyphus in task 264900.
Closed vulnerabilities
BDU:2020-04797
Уязвимость компонента net/bluetooth/l2cap_core.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2020-05454
Уязвимость функции sunkbd_reinit() (drivers/input/keyboard/sunkbd.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00005
Уязвимость компонента drivers/tty/tty_jobctrl.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2021-00106
Уязвимость модуля HDLC_PPP ядра операционной системы Linux, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03394
Уязвимость компонента net/packet/af_packet.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-12351
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
- http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351
- http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351
Modified: 2024-11-21
CVE-2020-14386
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
- openSUSE-SU-2020:1655
- openSUSE-SU-2020:1655
- http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
- http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- FEDORA-2020-468121099e
- FEDORA-2020-468121099e
- https://seclists.org/oss-sec/2020/q3/146
- https://seclists.org/oss-sec/2020/q3/146
Modified: 2024-11-21
CVE-2020-25643
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- openSUSE-SU-2020:1655
- openSUSE-SU-2020:1655
- openSUSE-SU-2020:1698
- openSUSE-SU-2020:1698
- https://bugzilla.redhat.com/show_bug.cgi?id=1879981
- https://bugzilla.redhat.com/show_bug.cgi?id=1879981
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105
- [debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update
- [debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- https://security.netapp.com/advisory/ntap-20201103-0002/
- https://security.netapp.com/advisory/ntap-20201103-0002/
- DSA-4774
- DSA-4774
- https://www.starwindsoftware.com/security/sw-20210325-0002/
- https://www.starwindsoftware.com/security/sw-20210325-0002/
Modified: 2024-11-21
CVE-2020-25669
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
- [oss-security] 20201105 CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit
- [oss-security] 20201105 CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit
- [oss-security] 20201120 Re: CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit
- [oss-security] 20201120 Re: CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit
- https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e
- https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update
- [debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update
- https://security.netapp.com/advisory/ntap-20210702-0006/
- https://security.netapp.com/advisory/ntap-20210702-0006/
- https://www.openwall.com/lists/oss-security/2020/11/05/2%2C
- https://www.openwall.com/lists/oss-security/2020/11/05/2%2C
- https://www.openwall.com/lists/oss-security/2020/11/20/5%2C
- https://www.openwall.com/lists/oss-security/2020/11/20/5%2C
Modified: 2024-11-21
CVE-2020-27784
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().
Modified: 2024-11-21
CVE-2020-29661
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
- http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html
- http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html
- http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
- http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
- [oss-security] 20201210 2 kernel issues
- [oss-security] 20201210 2 kernel issues
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- FEDORA-2020-bc0cc81a7a
- FEDORA-2020-bc0cc81a7a
- FEDORA-2020-b732958765
- FEDORA-2020-b732958765
- https://security.netapp.com/advisory/ntap-20210122-0001/
- https://security.netapp.com/advisory/ntap-20210122-0001/
- DSA-4843
- DSA-4843
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html