ALT Linux Team

Package kernel-image-centos update in sisyphus on 2022-02-15

ALT-PU-2022-1291-1

Package kernel-image-centos updated to version 5.14.0.60-alt1.el9 for branch sisyphus in task 295404.

Closed vulnerabilities

Published: 2021-12-01

BDU:2022-00095

Уязвимость реализации функций close() и fget() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

Severity: HIGH (7.4) Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.2) Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
References:
Published: 2022-01-18
Modified: 2024-11-21

CVE-2021-4083

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top