ALT-PU-2021-1208-1
Package kernel-image-un-def updated to version 5.10.13-alt1 for branch sisyphus in task 265772.
Closed vulnerabilities
BDU:2021-01126
Уязвимость реализации сокетов с адресацией AF_VSOCK ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2021-02591
Уязвимость функции ndb_queue_rq ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-26708
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
- [oss-security] 20210205 Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation
- [oss-security] 20210205 Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation
- [oss-security] 20210409 Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation
- [oss-security] 20210409 Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation
- [oss-security] 20220125 CVE-2022-0185: Linux kernel slab out-of-bounds write: exploit and writeup
- [oss-security] 20220125 CVE-2022-0185: Linux kernel slab out-of-bounds write: exploit and writeup
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446
- https://security.netapp.com/advisory/ntap-20210312-0008/
- https://security.netapp.com/advisory/ntap-20210312-0008/
- https://www.openwall.com/lists/oss-security/2021/02/04/5
- https://www.openwall.com/lists/oss-security/2021/02/04/5
Modified: 2024-11-21
CVE-2021-3348
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
- [oss-security] 20210201 Re: Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq
- [oss-security] 20210201 Re: Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b98e762e3d71e893b221f871825dc64694cfb258
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b98e762e3d71e893b221f871825dc64694cfb258
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- https://www.openwall.com/lists/oss-security/2021/01/28/3
- https://www.openwall.com/lists/oss-security/2021/01/28/3