ALT-PU-2021-2026-1
Package kernel-image-mp updated to version 5.12.12-alt1 for branch sisyphus in task 274750.
Closed vulnerabilities
BDU:2021-02663
Уязвимость набора стандартов связи для коммуникации IEEE 802.11 операционной системы Windows, позволяющая нарушителю внедрить произвольные сетевые пакеты
BDU:2021-03088
Уязвимость реализации алгоритмов WPA, WPA2 и WPA3 набора стандартов связи для коммуникации IEEE 802.11, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
BDU:2021-03095
Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 набора стандартов связи для коммуникации IEEE 802.11, позволяющая нарушителю внедрить произвольные сетевые пакеты и/или оказать воздействие на целостность защищаемой информации
BDU:2021-03177
Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
BDU:2021-03237
Уязвимость компонента arch/arm/mach-footbridge/personal-pci.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2021-04152
Уязвимость компонента net/nfc/llcp_sock.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-04607
Уязвимость функции isotp_setsockopt компонента net/can/isotp.c ядра операционной системы Linux, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2021-04826
Уязвимость компонента net/can/bcm.c ядра операционной системы Linux, позволяющая нарушителю прочитать часть памяти ядра
BDU:2021-04850
Уязвимость ядра операционной системы Linux , связанная с недостаточной проверкой присвоения разрешений для критичного ресурса, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-24586
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Modified: 2024-11-21
CVE-2020-24587
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Modified: 2024-11-21
CVE-2020-24588
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Modified: 2024-11-21
CVE-2020-26147
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.fragattacks.com
Modified: 2024-11-21
CVE-2021-32078
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://kirtikumarar.com/CVE-2021-32078.txt
- https://kirtikumarar.com/CVE-2021-32078.txt
- https://security.netapp.com/advisory/ntap-20210813-0002/
- https://security.netapp.com/advisory/ntap-20210813-0002/
Modified: 2024-11-21
CVE-2021-32606
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
- [oss-security] 20210512 Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
- [oss-security] 20210512 Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
- [oss-security] 20210514 Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
- [oss-security] 20210514 Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
- [oss-security] 20210514 Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
- [oss-security] 20210514 Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
- [oss-security] 20210528 Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
- [oss-security] 20210528 Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b17c400aeb44daf041627722581ade527bb3c1d
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b17c400aeb44daf041627722581ade527bb3c1d
- FEDORA-2021-8832eab899
- FEDORA-2021-8832eab899
- FEDORA-2021-bae582b42c
- FEDORA-2021-bae582b42c
- FEDORA-2021-4f852b79d1
- FEDORA-2021-4f852b79d1
- https://security.netapp.com/advisory/ntap-20210625-0001/
- https://security.netapp.com/advisory/ntap-20210625-0001/
- https://www.openwall.com/lists/oss-security/2021/05/11/16
- https://www.openwall.com/lists/oss-security/2021/05/11/16
Modified: 2024-11-21
CVE-2021-34693
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
- [oss-security] 20210615 CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel
- [oss-security] 20210615 CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update
- https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/
- https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/
- DSA-4941
- DSA-4941
Modified: 2024-11-21
CVE-2021-38198
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.11
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.11
- https://github.com/torvalds/linux/commit/b1bd5cba3306691c771d558e94baa73e8b0b96b7
- https://github.com/torvalds/linux/commit/b1bd5cba3306691c771d558e94baa73e8b0b96b7
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
- [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
Modified: 2024-11-21
CVE-2021-38208
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
- [oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname
- [oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname
- [oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname
- [oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname
- [oss-security] 20210824 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname
- [oss-security] 20210824 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname
- https://bugzilla.redhat.com/show_bug.cgi?id=1992810
- https://bugzilla.redhat.com/show_bug.cgi?id=1992810
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10
- https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba
- https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba