Vulnerability-Lookup

CVE-2021-20194 (GCVE-0-2021-20194)

Vulnerability from cvelistv5 – Published: 2021-02-23 22:33 – Updated: 2024-08-03 17:30

Summary

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

redhat

References

2 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1912683	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021032…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: kernel 5.2 and higher.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912683"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210326-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.2 and higher."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-26T10:06:09.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912683"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210326-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20194",
    "datePublished": "2021-02-23T22:33:24.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:30:07.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-20194",
      "date": "2026-05-25",
      "epss": "0.0005",
      "percentile": "0.15647"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartExcluding\": \"5.2\", \"matchCriteriaId\": \"52C57624-28DE-4E03-B6EF-F09CC640D9F0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44C5E433-229C-4BB9-8481-8A74AFA8DB8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D432C063-0805-4151-A819-508FE8954101\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B62E762-2878-455A-93C9-A5DB430D7BB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad en el kernel de Linux versiones superiores a 5.2 (si el kernel compilado con los par\\u00e1metros config CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY no se establece y el hook BPF a getsockopt est\\u00e1 registrado).\u0026#xa0;Como resultado de la ejecuci\\u00f3n de BPF, el usuario local puede desencadenar un error en la funci\\u00f3n __cgroup_bpf_run_filter_getsockopt() que puede conllevar a un desbordamiento de la pila (debido a una copia de usuario no reforzada).\u0026#xa0;El impacto del ataque podr\\u00eda ser la denegaci\\u00f3n de servicio o posiblemente una escalada de privilegios\"}]",
      "id": "CVE-2021-20194",
      "lastModified": "2024-11-21T05:46:06.407",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-02-23T23:15:13.100",
      "references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1912683\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210326-0003/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1912683\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210326-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20194\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-02-23T23:15:13.100\",\"lastModified\":\"2024-11-21T05:46:06.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad en el kernel de Linux versiones superiores a 5.2 (si el kernel compilado con los par\u00e1metros config CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY no se establece y el hook BPF a getsockopt est\u00e1 registrado).\u0026#xa0;Como resultado de la ejecuci\u00f3n de BPF, el usuario local puede desencadenar un error en la funci\u00f3n __cgroup_bpf_run_filter_getsockopt() que puede conllevar a un desbordamiento de la pila (debido a una copia de usuario no reforzada).\u0026#xa0;El impacto del ataque podr\u00eda ser la denegaci\u00f3n de servicio o posiblemente una escalada de privilegios\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"5.2\",\"matchCriteriaId\":\"52C57624-28DE-4E03-B6EF-F09CC640D9F0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44C5E433-229C-4BB9-8481-8A74AFA8DB8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D432C063-0805-4151-A819-508FE8954101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B62E762-2878-455A-93C9-A5DB430D7BB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1912683\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210326-0003/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1912683\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210326-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-200

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.10
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-4876-1 du 16 mars 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4878-1 du 16 mars 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4877-1 du 16 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20239"
    },
    {
      "name": "CVE-2020-29569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29569"
    },
    {
      "name": "CVE-2020-36158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36158"
    },
    {
      "name": "CVE-2021-20194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2021-3178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3178"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-200",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4876-1 du 16 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4876-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4878-1 du 16 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4878-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4877-1 du 16 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4877-1"
    }
  ]
}

CERTFR-2021-AVI-211

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux d’Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité le noyau Linux d’Ubuntu USN-4884-1 du 20 mars 2021	None	vendor-advisory
Bulletin de sécurité le noyau Linux d’Ubuntu USN-4883-1 du 20 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
    },
    {
      "name": "CVE-2021-27364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
    },
    {
      "name": "CVE-2021-27365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
    },
    {
      "name": "CVE-2021-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3348"
    },
    {
      "name": "CVE-2021-20194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-211",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u2019Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u2019Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u2019Ubuntu USN-4884-1 du 20 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4884-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u2019Ubuntu USN-4883-1 du 20 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4883-1"
    }
  ]
}

CERTFR-2021-AVI-265

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.10
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-4912-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4904-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4910-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4907-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4911-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4909-1 du 13 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20261"
    },
    {
      "name": "CVE-2020-14390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14390"
    },
    {
      "name": "CVE-2021-20239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20239"
    },
    {
      "name": "CVE-2021-26931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26931"
    },
    {
      "name": "CVE-2020-25285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25285"
    },
    {
      "name": "CVE-2021-3411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3411"
    },
    {
      "name": "CVE-2019-19061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19061"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2021-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
    },
    {
      "name": "CVE-2015-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
    },
    {
      "name": "CVE-2021-26930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26930"
    },
    {
      "name": "CVE-2019-16231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
    },
    {
      "name": "CVE-2020-27830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27830"
    },
    {
      "name": "CVE-2020-25639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25639"
    },
    {
      "name": "CVE-2017-16644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16644"
    },
    {
      "name": "CVE-2019-16232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16232"
    },
    {
      "name": "CVE-2020-36158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36158"
    },
    {
      "name": "CVE-2021-28038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28038"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2020-25669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25669"
    },
    {
      "name": "CVE-2021-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3348"
    },
    {
      "name": "CVE-2021-20194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2021-3178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3178"
    },
    {
      "name": "CVE-2018-13095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
    },
    {
      "name": "CVE-2021-20268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20268"
    },
    {
      "name": "CVE-2020-14351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
    },
    {
      "name": "CVE-2020-25645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
    },
    {
      "name": "CVE-2020-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0423"
    },
    {
      "name": "CVE-2017-5967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5967"
    },
    {
      "name": "CVE-2020-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
    },
    {
      "name": "CVE-2021-28375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28375"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-265",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4912-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4912-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4904-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4904-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4910-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4910-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4907-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4907-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4911-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4911-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4909-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4909-1"
    }
  ]
}

CERTFR-2021-AVI-864

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat	N/A	Red Hat Virtualization Host 4 for RHEL 8 x86_64

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2021:4356 du 10 novembre 2021	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2021:4140 du 09 novembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 8 aarch64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Virtualization Host 4 for RHEL 8 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-29368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29368"
    },
    {
      "name": "CVE-2020-26139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
    },
    {
      "name": "CVE-2021-20239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20239"
    },
    {
      "name": "CVE-2020-24587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
    },
    {
      "name": "CVE-2021-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3600"
    },
    {
      "name": "CVE-2020-27777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
    },
    {
      "name": "CVE-2021-3679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3679"
    },
    {
      "name": "CVE-2021-31440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31440"
    },
    {
      "name": "CVE-2020-29660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
    },
    {
      "name": "CVE-2020-26146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26146"
    },
    {
      "name": "CVE-2020-26143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26143"
    },
    {
      "name": "CVE-2021-31916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
    },
    {
      "name": "CVE-2021-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3635"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2020-24504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24504"
    },
    {
      "name": "CVE-2020-24588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
    },
    {
      "name": "CVE-2021-28971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28971"
    },
    {
      "name": "CVE-2021-23133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23133"
    },
    {
      "name": "CVE-2020-26140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26140"
    },
    {
      "name": "CVE-2021-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3659"
    },
    {
      "name": "CVE-2020-24586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
    },
    {
      "name": "CVE-2020-24502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24502"
    },
    {
      "name": "CVE-2021-0129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
    },
    {
      "name": "CVE-2020-36158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36158"
    },
    {
      "name": "CVE-2020-36386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36386"
    },
    {
      "name": "CVE-2020-26144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26144"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2021-29650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2021-3489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3489"
    },
    {
      "name": "CVE-2020-24503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24503"
    },
    {
      "name": "CVE-2021-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3348"
    },
    {
      "name": "CVE-2021-20194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194"
    },
    {
      "name": "CVE-2020-26147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
    },
    {
      "name": "CVE-2021-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3732"
    },
    {
      "name": "CVE-2021-29155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29155"
    },
    {
      "name": "CVE-2020-26141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
    },
    {
      "name": "CVE-2021-33200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33200"
    },
    {
      "name": "CVE-2021-31829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31829"
    },
    {
      "name": "CVE-2020-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
    },
    {
      "name": "CVE-2021-29646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29646"
    },
    {
      "name": "CVE-2020-26145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-864",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:4356 du 10 novembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:4356"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:4140 du 09 novembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:4140"
    }
  ]
}

CERTFR-2021-AVI-200

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.10
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-4876-1 du 16 mars 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4878-1 du 16 mars 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4877-1 du 16 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20239"
    },
    {
      "name": "CVE-2020-29569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29569"
    },
    {
      "name": "CVE-2020-36158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36158"
    },
    {
      "name": "CVE-2021-20194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2021-3178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3178"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-200",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4876-1 du 16 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4876-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4878-1 du 16 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4878-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4877-1 du 16 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4877-1"
    }
  ]
}

CERTFR-2021-AVI-211

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité le noyau Linux d’Ubuntu USN-4884-1 du 20 mars 2021	None	vendor-advisory
Bulletin de sécurité le noyau Linux d’Ubuntu USN-4883-1 du 20 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
    },
    {
      "name": "CVE-2021-27364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
    },
    {
      "name": "CVE-2021-27365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
    },
    {
      "name": "CVE-2021-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3348"
    },
    {
      "name": "CVE-2021-20194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-211",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u2019Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u2019Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u2019Ubuntu USN-4884-1 du 20 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4884-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u2019Ubuntu USN-4883-1 du 20 mars 2021",
      "url": "https://ubuntu.com/security/notices/USN-4883-1"
    }
  ]
}

CERTFR-2021-AVI-265

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.10
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-4912-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4904-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4910-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4907-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4911-1 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4909-1 du 13 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20261"
    },
    {
      "name": "CVE-2020-14390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14390"
    },
    {
      "name": "CVE-2021-20239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20239"
    },
    {
      "name": "CVE-2021-26931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26931"
    },
    {
      "name": "CVE-2020-25285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25285"
    },
    {
      "name": "CVE-2021-3411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3411"
    },
    {
      "name": "CVE-2019-19061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19061"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2021-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
    },
    {
      "name": "CVE-2015-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
    },
    {
      "name": "CVE-2021-26930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26930"
    },
    {
      "name": "CVE-2019-16231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
    },
    {
      "name": "CVE-2020-27830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27830"
    },
    {
      "name": "CVE-2020-25639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25639"
    },
    {
      "name": "CVE-2017-16644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16644"
    },
    {
      "name": "CVE-2019-16232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16232"
    },
    {
      "name": "CVE-2020-36158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36158"
    },
    {
      "name": "CVE-2021-28038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28038"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2020-25669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25669"
    },
    {
      "name": "CVE-2021-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3348"
    },
    {
      "name": "CVE-2021-20194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2021-3178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3178"
    },
    {
      "name": "CVE-2018-13095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
    },
    {
      "name": "CVE-2021-20268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20268"
    },
    {
      "name": "CVE-2020-14351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
    },
    {
      "name": "CVE-2020-25645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
    },
    {
      "name": "CVE-2020-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0423"
    },
    {
      "name": "CVE-2017-5967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5967"
    },
    {
      "name": "CVE-2020-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
    },
    {
      "name": "CVE-2021-28375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28375"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-265",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4912-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4912-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4904-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4904-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4910-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4910-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4907-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4907-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4911-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4911-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4909-1 du 13 avril 2021",
      "url": "https://ubuntu.com/security/notices/USN-4909-1"
    }
  ]
}

CERTFR-2021-AVI-864

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat	N/A	Red Hat Virtualization Host 4 for RHEL 8 x86_64

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2021:4356 du 10 novembre 2021	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2021:4140 du 09 novembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 8 aarch64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Virtualization Host 4 for RHEL 8 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-29368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29368"
    },
    {
      "name": "CVE-2020-26139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
    },
    {
      "name": "CVE-2021-20239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20239"
    },
    {
      "name": "CVE-2020-24587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
    },
    {
      "name": "CVE-2021-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3600"
    },
    {
      "name": "CVE-2020-27777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
    },
    {
      "name": "CVE-2021-3679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3679"
    },
    {
      "name": "CVE-2021-31440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31440"
    },
    {
      "name": "CVE-2020-29660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
    },
    {
      "name": "CVE-2020-26146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26146"
    },
    {
      "name": "CVE-2020-26143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26143"
    },
    {
      "name": "CVE-2021-31916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
    },
    {
      "name": "CVE-2021-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3635"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2020-24504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24504"
    },
    {
      "name": "CVE-2020-24588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
    },
    {
      "name": "CVE-2021-28971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28971"
    },
    {
      "name": "CVE-2021-23133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23133"
    },
    {
      "name": "CVE-2020-26140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26140"
    },
    {
      "name": "CVE-2021-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3659"
    },
    {
      "name": "CVE-2020-24586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
    },
    {
      "name": "CVE-2020-24502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24502"
    },
    {
      "name": "CVE-2021-0129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
    },
    {
      "name": "CVE-2020-36158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36158"
    },
    {
      "name": "CVE-2020-36386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36386"
    },
    {
      "name": "CVE-2020-26144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26144"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2021-29650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2021-3489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3489"
    },
    {
      "name": "CVE-2020-24503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24503"
    },
    {
      "name": "CVE-2021-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3348"
    },
    {
      "name": "CVE-2021-20194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194"
    },
    {
      "name": "CVE-2020-26147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
    },
    {
      "name": "CVE-2021-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3732"
    },
    {
      "name": "CVE-2021-29155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29155"
    },
    {
      "name": "CVE-2020-26141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
    },
    {
      "name": "CVE-2021-33200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33200"
    },
    {
      "name": "CVE-2021-31829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31829"
    },
    {
      "name": "CVE-2020-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
    },
    {
      "name": "CVE-2021-29646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29646"
    },
    {
      "name": "CVE-2020-26145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-864",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:4356 du 10 novembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:4356"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:4140 du 09 novembre 2021",
      "url": "https://access.redhat.com/errata/RHSA-2021:4140"
    }
  ]
}

alsa-2021:4356

Vulnerability from osv_almalinux

Published

2021-11-09 09:08

Modified

2021-11-12 10:21

Summary

Moderate: kernel security, bug fix, and enhancement update

Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503) * kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504) * kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586) * kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587) * kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588) * kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139) * kernel: accepting plaintext data frames in protected networks (CVE-2020-26140) * kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141) * kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143) * kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144) * kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145) * kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777) * kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660) * kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158) * kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386) * kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129) * kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348) * kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489) * kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564) * kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573) * kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600) * kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679) * kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732) * kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194) * kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133) * kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950) * kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971) * kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155) * kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646) * kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650) * kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440) * kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829) * kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200) * kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146) * kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147) * kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368) * kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635) * kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659) * kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239) * kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)

References

URL

Type

	https://vulners.com/cve/CVE-2019-14615	REPORT
	https://vulners.com/cve/CVE-2020-0427	REPORT
	https://vulners.com/cve/CVE-2020-24502	REPORT
	https://vulners.com/cve/CVE-2020-24503	REPORT
	https://vulners.com/cve/CVE-2020-24504	REPORT
	https://vulners.com/cve/CVE-2020-24586	REPORT
	https://vulners.com/cve/CVE-2020-24587	REPORT
	https://vulners.com/cve/CVE-2020-24588	REPORT
	https://vulners.com/cve/CVE-2020-26139	REPORT
	https://vulners.com/cve/CVE-2020-26140	REPORT
	https://vulners.com/cve/CVE-2020-26141	REPORT
	https://vulners.com/cve/CVE-2020-26143	REPORT
	https://vulners.com/cve/CVE-2020-26144	REPORT
	https://vulners.com/cve/CVE-2020-26145	REPORT
	https://vulners.com/cve/CVE-2020-26146	REPORT
	https://vulners.com/cve/CVE-2020-26147	REPORT
	https://vulners.com/cve/CVE-2020-27777	REPORT
	https://vulners.com/cve/CVE-2020-29368	REPORT
	https://vulners.com/cve/CVE-2020-29660	REPORT
	https://vulners.com/cve/CVE-2020-36158	REPORT
	https://vulners.com/cve/CVE-2020-36312	REPORT
	https://vulners.com/cve/CVE-2020-36386	REPORT
	https://vulners.com/cve/CVE-2021-0129	REPORT
	https://vulners.com/cve/CVE-2021-20194	REPORT
	https://vulners.com/cve/CVE-2021-20239	REPORT
	https://vulners.com/cve/CVE-2021-23133	REPORT
	https://vulners.com/cve/CVE-2021-28950	REPORT
	https://vulners.com/cve/CVE-2021-28971	REPORT
	https://vulners.com/cve/CVE-2021-29155	REPORT
	https://vulners.com/cve/CVE-2021-29646	REPORT
	https://vulners.com/cve/CVE-2021-29650	REPORT
	https://vulners.com/cve/CVE-2021-31440	REPORT
	https://vulners.com/cve/CVE-2021-31829	REPORT
	https://vulners.com/cve/CVE-2021-31916	REPORT
	https://vulners.com/cve/CVE-2021-33033	REPORT
	https://vulners.com/cve/CVE-2021-33200	REPORT
	https://vulners.com/cve/CVE-2021-3348	REPORT
	https://vulners.com/cve/CVE-2021-3489	REPORT
	https://vulners.com/cve/CVE-2021-3564	REPORT
	https://vulners.com/cve/CVE-2021-3573	REPORT
	https://vulners.com/cve/CVE-2021-3600	REPORT
	https://vulners.com/cve/CVE-2021-3635	REPORT
	https://vulners.com/cve/CVE-2021-3659	REPORT
	https://vulners.com/cve/CVE-2021-3679	REPORT
	https://vulners.com/cve/CVE-2021-3732	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-348.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427)\n* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n* kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)\n* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt()  (CVE-2020-36386)\n* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n* kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n* kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n* kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n* kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155)\n* kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n* kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650)\n* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n* kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n* kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n* kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n* kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)",
  "id": "ALSA-2021:4356",
  "modified": "2021-11-12T10:21:01Z",
  "published": "2021-11-09T09:08:02Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-14615"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-0427"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-24502"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-24503"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-24504"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-24586"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-24587"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-24588"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-26139"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-26140"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-26141"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-26143"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-26144"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-26145"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-26146"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-26147"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-27777"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-29368"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-29660"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-36158"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-36312"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-36386"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-0129"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-20194"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-20239"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-23133"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-28950"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-28971"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-29155"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-29646"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-29650"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-31440"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-31829"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-31916"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-33033"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-33200"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3348"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3489"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3564"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3573"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3600"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3635"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3659"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3679"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3732"
    }
  ],
  "related": [
    "CVE-2020-0427",
    "CVE-2020-24502",
    "CVE-2020-24503",
    "CVE-2020-24504",
    "CVE-2020-24586",
    "CVE-2020-24587",
    "CVE-2020-24588",
    "CVE-2020-26139",
    "CVE-2020-26140",
    "CVE-2020-26141",
    "CVE-2020-26143",
    "CVE-2020-26144",
    "CVE-2020-26145",
    "CVE-2020-27777",
    "CVE-2020-29660",
    "CVE-2020-36158",
    "CVE-2020-36386",
    "CVE-2021-0129",
    "CVE-2021-3348",
    "CVE-2021-3489",
    "CVE-2021-3564",
    "CVE-2021-3573",
    "CVE-2021-3600",
    "CVE-2021-3679",
    "CVE-2021-3732",
    "CVE-2021-20194",
    "CVE-2021-23133",
    "CVE-2021-28950",
    "CVE-2021-28971",
    "CVE-2021-29155",
    "CVE-2021-29646",
    "CVE-2021-29650",
    "CVE-2021-31440",
    "CVE-2021-31829",
    "CVE-2021-33200",
    "CVE-2020-26146",
    "CVE-2020-26147",
    "CVE-2020-29368",
    "CVE-2021-3635",
    "CVE-2021-3659",
    "CVE-2021-20239",
    "CVE-2021-31916"
  ],
  "summary": "Moderate: kernel security, bug fix, and enhancement update"
}

CNVD-2021-12653

Vulnerability from cnvd - Published: 2021-02-26

Title

linux kernel堆溢出漏洞

Description

Linux kernel是一种计算机操作系统内核，以C语言和汇编语言写成，符合POSIX标准，按GNU通用公共许可证发行 linux kernel 5.2以上版本中的__cgroup_bpf_run_filter_getsockopt()函数存在堆溢出漏洞。该漏洞源于BPF执行。攻击者可利用该漏洞导致拒绝服务或提升权限。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.kernel.org/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-20194

Impacted products

Name
Linux kernel >5.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-20194",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-20194"
    }
  },
  "description": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\n\nlinux kernel 5.2\u4ee5\u4e0a\u7248\u672c\u4e2d\u7684__cgroup_bpf_run_filter_getsockopt()\u51fd\u6570\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eBPF\u6267\u884c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.kernel.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-12653",
  "openTime": "2021-02-26",
  "products": {
    "product": "Linux kernel \u003e5.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-20194",
  "serverity": "\u4e2d",
  "submitTime": "2021-02-24",
  "title": "linux kernel\u5806\u6ea2\u51fa\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20194 (GCVE-0-2021-20194)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature