All errata/p8/ALT-PU-2021-1954-1
ALT-PU-2021-1954-1

Package update kernel-image-un-def in branch p8

Version4.19.193-alt0.M80P.1
Task#273499
Published2021-06-09
Max severityMEDIUM
Severity:

Closed issues (10)

BDU:2019-02381
MEDIUM5.6

Уязвимость ядра операционных систем Linux, связанная со смещением указателя за пределы допустимых значений, позволяющая нарушителю реализовать атаки по побочным каналам

Published: 2019-07-04Modified: 2024-05-28
CVSS 3.xMEDIUM 5.6
CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS 2.0MEDIUM 4.4
CVSS:2.0/AV:L/AC:M/Au:S/C:C/I:N/A:N
References
BDU:2021-02663
LOW3.5

Уязвимость набора стандартов связи для коммуникации IEEE 802.11 операционной системы Windows, позволяющая нарушителю внедрить произвольные сетевые пакеты

Published: 2021-05-24Modified: 2024-09-16
CVSS 3.xLOW 3.5
CVSS:3.x/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0LOW 2.9
CVSS:2.0/AV:A/AC:M/Au:N/C:N/I:P/A:N
References
BDU:2021-03088
LOW2.6

Уязвимость реализации алгоритмов WPA, WPA2 и WPA3 набора стандартов связи для коммуникации IEEE 802.11, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Published: 2021-06-18Modified: 2024-09-16
CVSS 3.xLOW 2.6
CVSS:3.x/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.0LOW 1.8
CVSS:2.0/AV:A/AC:H/Au:N/C:P/I:N/A:N
References
BDU:2021-03095
LOW3.5

Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 набора стандартов связи для коммуникации IEEE 802.11, позволяющая нарушителю внедрить произвольные сетевые пакеты и/или оказать воздействие на целостность защищаемой информации

Published: 2021-06-18Modified: 2024-09-16
CVSS 3.xLOW 3.5
CVSS:3.x/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.0LOW 2.9
CVSS:2.0/AV:A/AC:M/Au:N/C:P/I:N/A:N
References
BDU:2021-03177
MEDIUM5.4

Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Published: 2021-06-23Modified: 2024-09-16
CVSS 3.xMEDIUM 5.4
CVSS:3.x/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
CVSS 2.0LOW 3.2
CVSS:2.0/AV:A/AC:H/Au:N/C:P/I:P/A:N
References
CVE-2019-7308
MEDIUM5.6

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.

Published: 2019-02-01Modified: 2024-11-21
CVSS 2.0MEDIUM 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:N/A:N
CVSS 3.xMEDIUM 5.6
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References
CVE-2020-24586
LOW3.5

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Published: 2021-05-11Modified: 2024-11-21
CVSS 2.0LOW 2.9
CVSS:2.0/AV:A/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xLOW 3.5
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References
CVE-2020-24587
LOW2.6

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

Published: 2021-05-11Modified: 2024-11-21
CVSS 2.0LOW 1.8
CVSS:2.0/AV:A/AC:H/Au:N/C:P/I:N/A:N
CVSS 3.xLOW 2.6
CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
References
CVE-2020-24588
LOW3.5

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Published: 2021-05-11Modified: 2026-04-14
CVSS 2.0LOW 2.9
CVSS:2.0/AV:A/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xLOW 3.5
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References
CVE-2020-26147
MEDIUM5.4

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

Published: 2021-05-11Modified: 2026-04-14
CVSS 2.0LOW 3.2
CVSS:2.0/AV:A/AC:H/Au:N/C:P/I:P/A:N
CVSS 3.xMEDIUM 5.4
CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
References