ALT-PU-2021-3451-1
Package kernel-image-rpi-def updated to version 5.10.81-alt1 for branch sisyphus in task 291010.
Closed vulnerabilities
BDU:2021-05673
Уязвимость реализации функции tipc_crypto_key_rcv() протокола для внутрикластерного взаимодействия Transparent Inter-Process Communication (TIPC) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2022-00681
Уязвимость функции loop_rw_iter (fs/io_uring.c ) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-05646
Уязвимость интерфейса контроллера NFC (NCI) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2023-01273
Уязвимость функции ovl_write_iter() файловой системы overlayfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-11-21
CVE-2021-3760
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=2000585
- https://bugzilla.redhat.com/show_bug.cgi?id=2000585
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20220318-0007/
- https://security.netapp.com/advisory/ntap-20220318-0007/
- DSA-5096
- DSA-5096
Modified: 2024-11-21
CVE-2021-38300
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
- http://www.openwall.com/lists/oss-security/2021/09/15/5
- http://www.openwall.com/lists/oss-security/2021/09/15/5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20211008-0003/
- https://security.netapp.com/advisory/ntap-20211008-0003/
- DSA-5096
- DSA-5096
Modified: 2024-11-21
CVE-2021-4028
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
- https://access.redhat.com/security/cve/CVE-2021-4028
- https://access.redhat.com/security/cve/CVE-2021-4028
- https://bugzilla.redhat.com/show_bug.cgi?id=2027201
- https://bugzilla.redhat.com/show_bug.cgi?id=2027201
- https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0
- https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74
- https://lkml.org/lkml/2021/10/4/697
- https://lkml.org/lkml/2021/10/4/697
- https://security.netapp.com/advisory/ntap-20221228-0002/
- https://security.netapp.com/advisory/ntap-20221228-0002/
Modified: 2024-11-21
CVE-2021-41073
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/
- http://www.openwall.com/lists/oss-security/2021/09/18/2
- http://www.openwall.com/lists/oss-security/2021/09/18/2
- [oss-security] 20210918 Linux Kernel: Exploitable vulnerability in io_uring
- [oss-security] 20210918 Linux Kernel: Exploitable vulnerability in io_uring
- [oss-security] 20220604 Re: Linux Kernel: Exploitable vulnerability in io_uring
- [oss-security] 20220604 Re: Linux Kernel: Exploitable vulnerability in io_uring
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc
- FEDORA-2021-e0d6215753
- FEDORA-2021-e0d6215753
- FEDORA-2021-884d245ef8
- FEDORA-2021-884d245ef8
- https://security.netapp.com/advisory/ntap-20211014-0003/
- https://security.netapp.com/advisory/ntap-20211014-0003/
- DSA-4978
- DSA-4978
Modified: 2024-11-21
CVE-2021-43267
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
- [oss-security] 20220210 CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)
- [oss-security] 20220210 CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
- https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0
- https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0
- FEDORA-2021-bdd146e463
- FEDORA-2021-bdd146e463
- FEDORA-2021-a093973910
- FEDORA-2021-a093973910
- https://security.netapp.com/advisory/ntap-20211125-0002/
- https://security.netapp.com/advisory/ntap-20211125-0002/
Modified: 2024-11-21
CVE-2023-1252
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.
Closed bugs
Добавить поддержку nftables