ALT-PU-2021-3469-1
Package kernel-image-std-def updated to version 5.10.82-alt1 for branch p10 in task 290646.
Closed vulnerabilities
BDU:2021-03902
Уязвимость функции sco_sock_sendmsg() подсистемы HCI ядра операционной системы Linux, позволяющая нарушителю вызвать аварийное завершение системы или повысить свои привилегии
BDU:2021-05673
Уязвимость реализации функции tipc_crypto_key_rcv() протокола для внутрикластерного взаимодействия Transparent Inter-Process Communication (TIPC) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2022-00828
Уязвимость функции postclose() ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
BDU:2023-01273
Уязвимость функции ovl_write_iter() файловой системы overlayfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-11-21
CVE-2020-27820
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
- https://bugzilla.redhat.com/show_bug.cgi?id=1901726
- https://bugzilla.redhat.com/show_bug.cgi?id=1901726
- https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/
- https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/
- https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/
- https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/
- https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/
- https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-3640
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=1980646
- https://bugzilla.redhat.com/show_bug.cgi?id=1980646
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951
- https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951
- https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20220419-0003/
- https://security.netapp.com/advisory/ntap-20220419-0003/
- https://ubuntu.com/security/CVE-2021-3640
- https://ubuntu.com/security/CVE-2021-3640
- DSA-5096
- DSA-5096
- https://www.openwall.com/lists/oss-security/2021/07/22/1
- https://www.openwall.com/lists/oss-security/2021/07/22/1
Modified: 2024-11-21
CVE-2021-43267
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
- [oss-security] 20220210 CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)
- [oss-security] 20220210 CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
- https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0
- https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0
- FEDORA-2021-bdd146e463
- FEDORA-2021-bdd146e463
- FEDORA-2021-a093973910
- FEDORA-2021-a093973910
- https://security.netapp.com/advisory/ntap-20211125-0002/
- https://security.netapp.com/advisory/ntap-20211125-0002/
Modified: 2024-11-21
CVE-2023-1252
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.