ALT-PU-2021-3357-1
Package kernel-image-un-def updated to version 5.14.21-alt1 for branch p10 in task 290390.
Closed vulnerabilities
BDU:2021-04806
Уязвимость функции ccp_run_aes_gcm_cmd() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-05472
Уязвимость функции mbochs_ioctl файла samples / vfio-mdev / mbochs.c ядра операционных систем семейства Linux, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2022-05780
Уязвимость функции btrfs_rm_device компонента fs/btrfs/volumes.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-3736
A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.
- https://access.redhat.com/security/cve/CVE-2021-3736
- https://access.redhat.com/security/cve/CVE-2021-3736
- https://bugzilla.redhat.com/show_bug.cgi?id=1995570
- https://bugzilla.redhat.com/show_bug.cgi?id=1995570
- https://github.com/torvalds/linux/commit/de5494af4815a4c9328536c72741229b7de88e7f
- https://github.com/torvalds/linux/commit/de5494af4815a4c9328536c72741229b7de88e7f
Modified: 2024-11-21
CVE-2021-3739
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1997958
- https://bugzilla.redhat.com/show_bug.cgi?id=1997958
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
- https://github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
- https://github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
- https://security.netapp.com/advisory/ntap-20220407-0006/
- https://security.netapp.com/advisory/ntap-20220407-0006/
- https://ubuntu.com/security/CVE-2021-3739
- https://ubuntu.com/security/CVE-2021-3739
- https://www.openwall.com/lists/oss-security/2021/08/25/3
- https://www.openwall.com/lists/oss-security/2021/08/25/3
Modified: 2024-11-21
CVE-2021-3764
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
- https://access.redhat.com/security/cve/CVE-2021-3764
- https://access.redhat.com/security/cve/CVE-2021-3764
- https://bugzilla.redhat.com/show_bug.cgi?id=1997467
- https://bugzilla.redhat.com/show_bug.cgi?id=1997467
- https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
- https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
- https://security-tracker.debian.org/tracker/CVE-2021-3764
- https://security-tracker.debian.org/tracker/CVE-2021-3764