Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-46935 (GCVE-0-2021-46935)
Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2026-05-11 13:44
VLAI
EPSS
Title
binder: fix async_free_space accounting for empty parcels
Summary
In the Linux kernel, the following vulnerability has been resolved:
binder: fix async_free_space accounting for empty parcels
In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space")
fixed a kernel structure visibility issue. As part of that patch,
sizeof(void *) was used as the buffer size for 0-length data payloads so
the driver could detect abusive clients sending 0-length asynchronous
transactions to a server by enforcing limits on async_free_size.
Unfortunately, on the "free" side, the accounting of async_free_space
did not add the sizeof(void *) back. The result was that up to 8-bytes of
async_free_space were leaked on every async transaction of 8-bytes or
less. These small transactions are uncommon, so this accounting issue
has gone undetected for several years.
The fix is to use "buffer_size" (the allocated buffer size) instead of
"size" (the logical buffer size) when updating the async_free_space
during the free operation. These are the same except for this
corner case of asynchronous transactions with payloads < 8 bytes.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
74310e06be4d74dcf67cd108366710dee5c576d5 , < 2d2df539d05205fd83c404d5f2dff48d36f9b495
(git)
Affected: 74310e06be4d74dcf67cd108366710dee5c576d5 , < 7c7064402609aeb6fb11be1b4ec10673ff17b593 (git) Affected: 74310e06be4d74dcf67cd108366710dee5c576d5 , < 103b16a8c51f96d5fe063022869ea906c256e5da (git) Affected: 74310e06be4d74dcf67cd108366710dee5c576d5 , < 1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4 (git) Affected: 74310e06be4d74dcf67cd108366710dee5c576d5 , < 17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff (git) Affected: 74310e06be4d74dcf67cd108366710dee5c576d5 , < cfd0d84ba28c18b531648c9d4a35ecca89ad9901 (git) |
|
| Linux | Linux |
Affected:
4.14
Unaffected: 0 , < 4.14 (semver) Unaffected: 4.14.261 , ≤ 4.14.* (semver) Unaffected: 4.19.224 , ≤ 4.19.* (semver) Unaffected: 5.4.170 , ≤ 5.4.* (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T20:52:57.585284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:03.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:43.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/android/binder_alloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2d2df539d05205fd83c404d5f2dff48d36f9b495",
"status": "affected",
"version": "74310e06be4d74dcf67cd108366710dee5c576d5",
"versionType": "git"
},
{
"lessThan": "7c7064402609aeb6fb11be1b4ec10673ff17b593",
"status": "affected",
"version": "74310e06be4d74dcf67cd108366710dee5c576d5",
"versionType": "git"
},
{
"lessThan": "103b16a8c51f96d5fe063022869ea906c256e5da",
"status": "affected",
"version": "74310e06be4d74dcf67cd108366710dee5c576d5",
"versionType": "git"
},
{
"lessThan": "1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4",
"status": "affected",
"version": "74310e06be4d74dcf67cd108366710dee5c576d5",
"versionType": "git"
},
{
"lessThan": "17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff",
"status": "affected",
"version": "74310e06be4d74dcf67cd108366710dee5c576d5",
"versionType": "git"
},
{
"lessThan": "cfd0d84ba28c18b531648c9d4a35ecca89ad9901",
"status": "affected",
"version": "74310e06be4d74dcf67cd108366710dee5c576d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/android/binder_alloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.170",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.261",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.224",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.170",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.90",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:44:45.123Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
},
{
"url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
},
{
"url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
},
{
"url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
},
{
"url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
},
{
"url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
}
],
"title": "binder: fix async_free_space accounting for empty parcels",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46935",
"datePublished": "2024-02-27T09:44:02.071Z",
"dateReserved": "2024-02-25T13:45:52.720Z",
"dateUpdated": "2026-05-11T13:44:45.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-46935",
"date": "2026-05-25",
"epss": "0.00017",
"percentile": "0.04626"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.14.0\", \"versionEndExcluding\": \"4.14.261\", \"matchCriteriaId\": \"D04E4F21-CE5F-4E9D-A182-492968E35204\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.15.0\", \"versionEndExcluding\": \"4.19.224\", \"matchCriteriaId\": \"B34A1353-506A-4AB9-87EC-CD50F09DFB8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.20.0\", \"versionEndExcluding\": \"5.4.170\", \"matchCriteriaId\": \"56D16FBB-453E-4316-A027-E517828203D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5.0\", \"versionEndExcluding\": \"5.10.90\", \"matchCriteriaId\": \"C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11.0\", \"versionEndExcluding\": \"5.15.13\", \"matchCriteriaId\": \"083E0940-932B-447B-A6B2-677DAE27FD04\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbinder: fix async_free_space accounting for empty parcels\\n\\nIn 4.13, commit 74310e06be4d (\\\"android: binder: Move buffer out of area shared with user space\\\")\\nfixed a kernel structure visibility issue. As part of that patch,\\nsizeof(void *) was used as the buffer size for 0-length data payloads so\\nthe driver could detect abusive clients sending 0-length asynchronous\\ntransactions to a server by enforcing limits on async_free_size.\\n\\nUnfortunately, on the \\\"free\\\" side, the accounting of async_free_space\\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\\nasync_free_space were leaked on every async transaction of 8-bytes or\\nless. These small transactions are uncommon, so this accounting issue\\nhas gone undetected for several years.\\n\\nThe fix is to use \\\"buffer_size\\\" (the allocated buffer size) instead of\\n\\\"size\\\" (the logical buffer size) when updating the async_free_space\\nduring the free operation. These are the same except for this\\ncorner case of asynchronous transactions with payloads \u003c 8 bytes.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: binder: corrige la contabilidad async_free_space para paquetes vac\\u00edos En 4.13, el commit 74310e06be4d (\\\"android: binder: mover el b\\u00fafer fuera del \\u00e1rea compartida con el espacio del usuario\\\") solucion\\u00f3 un problema de visibilidad de la estructura del kernel. Como parte de ese parche, se us\\u00f3 sizeof(void *) como tama\\u00f1o de b\\u00fafer para cargas de datos de longitud 0, de modo que el controlador pudiera detectar clientes abusivos que enviaran transacciones asincr\\u00f3nicas de longitud 0 a un servidor imponiendo l\\u00edmites en async_free_size. Desafortunadamente, en el lado \\\"libre\\\", la contabilidad de async_free_space no volvi\\u00f3 a agregar el tama\\u00f1o de (void *). El resultado fue que se filtraron hasta 8 bytes de async_free_space en cada transacci\\u00f3n as\\u00edncrona de 8 bytes o menos. Estas peque\\u00f1as transacciones son poco comunes, por lo que este problema contable ha pasado desapercibido durante varios a\\u00f1os. La soluci\\u00f3n es utilizar \\\"buffer_size\\\" (el tama\\u00f1o del b\\u00fafer asignado) en lugar de \\\"size\\\" (el tama\\u00f1o del b\\u00fafer l\\u00f3gico) al actualizar async_free_space durante la operaci\\u00f3n libre. Son iguales excepto por este caso de esquina de transacciones asincr\\u00f3nicas con payloads \u0026lt;8 bytes.\"}]",
"id": "CVE-2021-46935",
"lastModified": "2024-11-21T06:34:58.220",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2024-02-27T10:15:07.957",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-668\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-46935\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T10:15:07.957\",\"lastModified\":\"2024-11-21T06:34:58.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbinder: fix async_free_space accounting for empty parcels\\n\\nIn 4.13, commit 74310e06be4d (\\\"android: binder: Move buffer out of area shared with user space\\\")\\nfixed a kernel structure visibility issue. As part of that patch,\\nsizeof(void *) was used as the buffer size for 0-length data payloads so\\nthe driver could detect abusive clients sending 0-length asynchronous\\ntransactions to a server by enforcing limits on async_free_size.\\n\\nUnfortunately, on the \\\"free\\\" side, the accounting of async_free_space\\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\\nasync_free_space were leaked on every async transaction of 8-bytes or\\nless. These small transactions are uncommon, so this accounting issue\\nhas gone undetected for several years.\\n\\nThe fix is to use \\\"buffer_size\\\" (the allocated buffer size) instead of\\n\\\"size\\\" (the logical buffer size) when updating the async_free_space\\nduring the free operation. These are the same except for this\\ncorner case of asynchronous transactions with payloads \u003c 8 bytes.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: binder: corrige la contabilidad async_free_space para paquetes vac\u00edos En 4.13, el commit 74310e06be4d (\\\"android: binder: mover el b\u00fafer fuera del \u00e1rea compartida con el espacio del usuario\\\") solucion\u00f3 un problema de visibilidad de la estructura del kernel. Como parte de ese parche, se us\u00f3 sizeof(void *) como tama\u00f1o de b\u00fafer para cargas de datos de longitud 0, de modo que el controlador pudiera detectar clientes abusivos que enviaran transacciones asincr\u00f3nicas de longitud 0 a un servidor imponiendo l\u00edmites en async_free_size. Desafortunadamente, en el lado \\\"libre\\\", la contabilidad de async_free_space no volvi\u00f3 a agregar el tama\u00f1o de (void *). El resultado fue que se filtraron hasta 8 bytes de async_free_space en cada transacci\u00f3n as\u00edncrona de 8 bytes o menos. Estas peque\u00f1as transacciones son poco comunes, por lo que este problema contable ha pasado desapercibido durante varios a\u00f1os. La soluci\u00f3n es utilizar \\\"buffer_size\\\" (el tama\u00f1o del b\u00fafer asignado) en lugar de \\\"size\\\" (el tama\u00f1o del b\u00fafer l\u00f3gico) al actualizar async_free_space durante la operaci\u00f3n libre. Son iguales excepto por este caso de esquina de transacciones asincr\u00f3nicas con payloads \u0026lt;8 bytes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14.0\",\"versionEndExcluding\":\"4.14.261\",\"matchCriteriaId\":\"D04E4F21-CE5F-4E9D-A182-492968E35204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15.0\",\"versionEndExcluding\":\"4.19.224\",\"matchCriteriaId\":\"B34A1353-506A-4AB9-87EC-CD50F09DFB8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20.0\",\"versionEndExcluding\":\"5.4.170\",\"matchCriteriaId\":\"56D16FBB-453E-4316-A027-E517828203D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndExcluding\":\"5.10.90\",\"matchCriteriaId\":\"C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.15.13\",\"matchCriteriaId\":\"083E0940-932B-447B-A6B2-677DAE27FD04\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:17:43.010Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-46935\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-27T20:52:57.585284Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:41.074Z\"}}], \"cna\": {\"title\": \"binder: fix async_free_space accounting for empty parcels\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"74310e06be4d74dcf67cd108366710dee5c576d5\", \"lessThan\": \"2d2df539d05205fd83c404d5f2dff48d36f9b495\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"74310e06be4d74dcf67cd108366710dee5c576d5\", \"lessThan\": \"7c7064402609aeb6fb11be1b4ec10673ff17b593\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"74310e06be4d74dcf67cd108366710dee5c576d5\", \"lessThan\": \"103b16a8c51f96d5fe063022869ea906c256e5da\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"74310e06be4d74dcf67cd108366710dee5c576d5\", \"lessThan\": \"1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"74310e06be4d74dcf67cd108366710dee5c576d5\", \"lessThan\": \"17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"74310e06be4d74dcf67cd108366710dee5c576d5\", \"lessThan\": \"cfd0d84ba28c18b531648c9d4a35ecca89ad9901\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/android/binder_alloc.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.14\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.14\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.14.261\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.224\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.170\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.90\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.16\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/android/binder_alloc.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495\"}, {\"url\": \"https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593\"}, {\"url\": \"https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da\"}, {\"url\": \"https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4\"}, {\"url\": \"https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff\"}, {\"url\": \"https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbinder: fix async_free_space accounting for empty parcels\\n\\nIn 4.13, commit 74310e06be4d (\\\"android: binder: Move buffer out of area shared with user space\\\")\\nfixed a kernel structure visibility issue. As part of that patch,\\nsizeof(void *) was used as the buffer size for 0-length data payloads so\\nthe driver could detect abusive clients sending 0-length asynchronous\\ntransactions to a server by enforcing limits on async_free_size.\\n\\nUnfortunately, on the \\\"free\\\" side, the accounting of async_free_space\\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\\nasync_free_space were leaked on every async transaction of 8-bytes or\\nless. These small transactions are uncommon, so this accounting issue\\nhas gone undetected for several years.\\n\\nThe fix is to use \\\"buffer_size\\\" (the allocated buffer size) instead of\\n\\\"size\\\" (the logical buffer size) when updating the async_free_space\\nduring the free operation. These are the same except for this\\ncorner case of asynchronous transactions with payloads \u003c 8 bytes.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.261\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.224\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.170\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.90\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.13\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.16\", \"versionStartIncluding\": \"4.14\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T13:44:45.123Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-46935\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T13:44:45.123Z\", \"dateReserved\": \"2024-02-25T13:45:52.720Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-27T09:44:02.071Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
BDU:2024-06345
Vulnerability from fstec - Published: 21.12.2021
VLAI
Title
Уязвимость функции async_free_space() в компоненте binder ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость функции async_free_space() в компоненте binder ядра операционной системы Linux связана с утечкой до 8 байт при каждой асинхронной транзакции размером 8 байт или меньше. Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию
Severity
Vendor
ООО «РусБИТех-Астра», ООО «Ред Софт», Сообщество свободного программного обеспечения
Software Name
Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), РЕД ОС (запись в едином реестре российских программ №3751), Linux
Software Version
8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 7.3 (РЕД ОС), от 5.5 до 5.10.89 включительно (Linux), от 5.11 до 5.15.12 включительно (Linux), от 4.15 до 4.19.223 включительно (Linux), от 4.20 до 5.4.169 включительно (Linux), от 4.14 до 4.14.260 включительно (Linux)
Possible Mitigations
Для Linux:
https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da
https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff
https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4
https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495
https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593
https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46935
https://git.kernel.org/linus/cfd0d84ba28c18b531648c9d4a35ecca89ad9901
https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da
https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff
https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4
https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495
https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593
https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.261
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.90
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.170
https://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46935-f8f4@gregkh/
https://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46935-f8f4@gregkh/T/#u
https://redos.red-soft.ru/support/secure/
https://www.cve.org/CVERecord?id=CVE-2021-46935
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
CWE
CWE-668
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 5.5 \u0434\u043e 5.10.89 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.223 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.169 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.14 \u0434\u043e 4.14.260 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da \nhttps://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff \nhttps://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4 \nhttps://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495 \nhttps://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593 \nhttps://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.12.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.08.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06345",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-46935",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.20.0 \u0434\u043e 5.4.170 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11.0 \u0434\u043e 5.15.13 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5.0 \u0434\u043e 5.10.90 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.14.0 \u0434\u043e 4.14.261 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.15.0 \u0434\u043e 4.19.224 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 async_free_space() \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 binder \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 (CWE-668)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 async_free_space() \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 binder \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0443\u0442\u0435\u0447\u043a\u043e\u0439 \u0434\u043e 8 \u0431\u0430\u0439\u0442 \u043f\u0440\u0438 \u043a\u0430\u0436\u0434\u043e\u0439 \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u043e\u0439 \u0442\u0440\u0430\u043d\u0437\u0430\u043a\u0446\u0438\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c 8 \u0431\u0430\u0439\u0442 \u0438\u043b\u0438 \u043c\u0435\u043d\u044c\u0448\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46935\nhttps://git.kernel.org/linus/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\nhttps://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da\nhttps://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff\nhttps://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4\nhttps://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495\nhttps://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593\nhttps://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.261\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.90\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.170\nhttps://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46935-f8f4@gregkh/\nhttps://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46935-f8f4@gregkh/T/#u\nhttps://redos.red-soft.ru/support/secure/\nhttps://www.cve.org/CVERecord?id=CVE-2021-46935\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-668",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}
FKIE_CVE-2021-46935
Vulnerability from fkie_nvd - Published: 2024-02-27 10:15 - Updated: 2024-11-21 06:34
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved:
binder: fix async_free_space accounting for empty parcels
In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space")
fixed a kernel structure visibility issue. As part of that patch,
sizeof(void *) was used as the buffer size for 0-length data payloads so
the driver could detect abusive clients sending 0-length asynchronous
transactions to a server by enforcing limits on async_free_size.
Unfortunately, on the "free" side, the accounting of async_free_space
did not add the sizeof(void *) back. The result was that up to 8-bytes of
async_free_space were leaked on every async transaction of 8-bytes or
less. These small transactions are uncommon, so this accounting issue
has gone undetected for several years.
The fix is to use "buffer_size" (the allocated buffer size) instead of
"size" (the logical buffer size) when updating the async_free_space
during the free operation. These are the same except for this
corner case of asynchronous transactions with payloads < 8 bytes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E4F21-CE5F-4E9D-A182-492968E35204",
"versionEndExcluding": "4.14.261",
"versionStartIncluding": "4.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34A1353-506A-4AB9-87EC-CD50F09DFB8A",
"versionEndExcluding": "4.19.224",
"versionStartIncluding": "4.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56D16FBB-453E-4316-A027-E517828203D7",
"versionEndExcluding": "5.4.170",
"versionStartIncluding": "4.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B",
"versionEndExcluding": "5.10.90",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "5.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: binder: corrige la contabilidad async_free_space para paquetes vac\u00edos En 4.13, el commit 74310e06be4d (\"android: binder: mover el b\u00fafer fuera del \u00e1rea compartida con el espacio del usuario\") solucion\u00f3 un problema de visibilidad de la estructura del kernel. Como parte de ese parche, se us\u00f3 sizeof(void *) como tama\u00f1o de b\u00fafer para cargas de datos de longitud 0, de modo que el controlador pudiera detectar clientes abusivos que enviaran transacciones asincr\u00f3nicas de longitud 0 a un servidor imponiendo l\u00edmites en async_free_size. Desafortunadamente, en el lado \"libre\", la contabilidad de async_free_space no volvi\u00f3 a agregar el tama\u00f1o de (void *). El resultado fue que se filtraron hasta 8 bytes de async_free_space en cada transacci\u00f3n as\u00edncrona de 8 bytes o menos. Estas peque\u00f1as transacciones son poco comunes, por lo que este problema contable ha pasado desapercibido durante varios a\u00f1os. La soluci\u00f3n es utilizar \"buffer_size\" (el tama\u00f1o del b\u00fafer asignado) en lugar de \"size\" (el tama\u00f1o del b\u00fafer l\u00f3gico) al actualizar async_free_space durante la operaci\u00f3n libre. Son iguales excepto por este caso de esquina de transacciones asincr\u00f3nicas con payloads \u0026lt;8 bytes."
}
],
"id": "CVE-2021-46935",
"lastModified": "2024-11-21T06:34:58.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-27T10:15:07.957",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-X9RP-8J88-VH76
Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 18:30
VLAI
Details
In the Linux kernel, the following vulnerability has been resolved:
binder: fix async_free_space accounting for empty parcels
In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space") fixed a kernel structure visibility issue. As part of that patch, sizeof(void *) was used as the buffer size for 0-length data payloads so the driver could detect abusive clients sending 0-length asynchronous transactions to a server by enforcing limits on async_free_size.
Unfortunately, on the "free" side, the accounting of async_free_space did not add the sizeof(void *) back. The result was that up to 8-bytes of async_free_space were leaked on every async transaction of 8-bytes or less. These small transactions are uncommon, so this accounting issue has gone undetected for several years.
The fix is to use "buffer_size" (the allocated buffer size) instead of "size" (the logical buffer size) when updating the async_free_space during the free operation. These are the same except for this corner case of asynchronous transactions with payloads < 8 bytes.
Severity
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-46935"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T10:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes.",
"id": "GHSA-x9rp-8j88-vh76",
"modified": "2024-04-10T18:30:47Z",
"published": "2024-02-27T12:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46935"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2021-46935
Vulnerability from gsd - Updated: 2024-02-26 06:03Details
In the Linux kernel, the following vulnerability has been resolved:
binder: fix async_free_space accounting for empty parcels
In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space")
fixed a kernel structure visibility issue. As part of that patch,
sizeof(void *) was used as the buffer size for 0-length data payloads so
the driver could detect abusive clients sending 0-length asynchronous
transactions to a server by enforcing limits on async_free_size.
Unfortunately, on the "free" side, the accounting of async_free_space
did not add the sizeof(void *) back. The result was that up to 8-bytes of
async_free_space were leaked on every async transaction of 8-bytes or
less. These small transactions are uncommon, so this accounting issue
has gone undetected for several years.
The fix is to use "buffer_size" (the allocated buffer size) instead of
"size" (the logical buffer size) when updating the async_free_space
during the free operation. These are the same except for this
corner case of asynchronous transactions with payloads < 8 bytes.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-46935"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes.",
"id": "GSD-2021-46935",
"modified": "2024-02-26T06:03:52.280296Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@kernel.org",
"ID": "CVE-2021-46935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "74310e06be4d",
"version_value": "2d2df539d052"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.261",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.224",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.170",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.90",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes."
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
},
{
"name": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
},
{
"name": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
},
{
"name": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
},
{
"name": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
},
{
"name": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E4F21-CE5F-4E9D-A182-492968E35204",
"versionEndExcluding": "4.14.261",
"versionStartIncluding": "4.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34A1353-506A-4AB9-87EC-CD50F09DFB8A",
"versionEndExcluding": "4.19.224",
"versionStartIncluding": "4.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56D16FBB-453E-4316-A027-E517828203D7",
"versionEndExcluding": "5.4.170",
"versionStartIncluding": "4.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B",
"versionEndExcluding": "5.10.90",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "5.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: binder: corrige la contabilidad async_free_space para paquetes vac\u00edos En 4.13, el commit 74310e06be4d (\"android: binder: mover el b\u00fafer fuera del \u00e1rea compartida con el espacio del usuario\") solucion\u00f3 un problema de visibilidad de la estructura del kernel. Como parte de ese parche, se us\u00f3 sizeof(void *) como tama\u00f1o de b\u00fafer para cargas de datos de longitud 0, de modo que el controlador pudiera detectar clientes abusivos que enviaran transacciones asincr\u00f3nicas de longitud 0 a un servidor imponiendo l\u00edmites en async_free_size. Desafortunadamente, en el lado \"libre\", la contabilidad de async_free_space no volvi\u00f3 a agregar el tama\u00f1o de (void *). El resultado fue que se filtraron hasta 8 bytes de async_free_space en cada transacci\u00f3n as\u00edncrona de 8 bytes o menos. Estas peque\u00f1as transacciones son poco comunes, por lo que este problema contable ha pasado desapercibido durante varios a\u00f1os. La soluci\u00f3n es utilizar \"buffer_size\" (el tama\u00f1o del b\u00fafer asignado) en lugar de \"size\" (el tama\u00f1o del b\u00fafer l\u00f3gico) al actualizar async_free_space durante la operaci\u00f3n libre. Son iguales excepto por este caso de esquina de transacciones asincr\u00f3nicas con payloads \u0026lt;8 bytes."
}
],
"id": "CVE-2021-46935",
"lastModified": "2024-04-10T18:24:38.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-27T10:15:07.957",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
WID-SEC-W-2024-0488
Vulnerability from csaf_certbund - Published: 2024-02-26 23:00 - Updated: 2025-04-29 22:00Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer
Kyocera
|
cpe:/h:kyocera:printer:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
66 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0488 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0488.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0488 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0488"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022732-CVE-2021-46921-91dc@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022736-CVE-2021-46922-39b5@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022745-CVE-2021-46923-a1ec@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022748-CVE-2021-46924-3483@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022748-CVE-2021-46925-c422@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022748-CVE-2021-46926-9967@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022749-CVE-2021-46927-ae70@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022749-CVE-2021-46928-068d@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022749-CVE-2021-46929-9369@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022749-CVE-2021-46930-99ca@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022750-CVE-2021-46931-a468@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022750-CVE-2021-46932-3a36@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022750-CVE-2021-46933-2103@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022750-CVE-2021-46934-79c8@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46935-f8f4@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46936-2f8a@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-26",
"url": "http://lore.kernel.org/linux-cve-announce/2024022751-CVE-2021-46937-3ae8@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0855-1 vom 2024-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018151.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0858-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018153.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0900-1 vom 2024-03-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018167.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0910-1 vom 2024-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018181.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0900-2 vom 2024-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018182.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0977-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018210.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1320-1 vom 2024-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018372.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1321-1 vom 2024-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018375.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1322-1 vom 2024-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018374.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1332-1 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018376.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1332-2 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018378.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1322-2 vom 2024-04-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018377.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6739-1 vom 2024-04-19",
"url": "https://ubuntu.com/security/notices/USN-6739-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1466-1 vom 2024-04-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018438.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1480-1 vom 2024-04-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018444.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1490-1 vom 2024-05-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018445.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
"url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3618"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3627"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06",
"url": "https://linux.oracle.com/errata/ELSA-2024-3618.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1979-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018685.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2184-1 vom 2024-06-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018807.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-055 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-055.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-063 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-063.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162077"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6938-1 vom 2024-07-31",
"url": "https://ubuntu.com/security/notices/USN-6938-1"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1669-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019269.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1465-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019273.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1489-1 vom 2024-08-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D5LYDXV5ACGHUYO5XWLWD5VAOA5HLJ7U/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6973-1 vom 2024-08-22",
"url": "https://ubuntu.com/security/notices/USN-6973-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6976-1 vom 2024-08-22",
"url": "https://ubuntu.com/security/notices/USN-6976-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6973-2 vom 2024-08-23",
"url": "https://ubuntu.com/security/notices/USN-6973-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6973-3 vom 2024-08-26",
"url": "https://ubuntu.com/security/notices/USN-6973-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6973-4 vom 2024-09-02",
"url": "https://ubuntu.com/security/notices/USN-6973-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7006-1 vom 2024-09-12",
"url": "https://ubuntu.com/security/notices/USN-7006-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4100-1 vom 2024-11-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019864.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0034-1 vom 2025-01-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020071.html"
},
{
"category": "external",
"summary": "Kyocera Downloads",
"url": "https://www.kyoceradocumentsolutions.us/en/support/downloads.name-L3VzL2VuL3NvZnR3YXJlL0tZT0NFUkFERVZJQ0VNQU5BR0VS.html#tab=application"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2025-04-29T22:00:00.000+00:00",
"generator": {
"date": "2025-04-30T11:20:22.024+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0488",
"initial_release_date": "2024-02-26T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-26T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-17T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-06-04T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-24T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM und Ubuntu aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-08-19T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-25T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-26T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-02T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-12T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-28T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-29T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "30"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version",
"name": "virtual",
"product": {
"name": "Dell NetWorker virtual",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "Kyocera Printer",
"product": {
"name": "Kyocera Printer",
"product_id": "T015471",
"product_identification_helper": {
"cpe": "cpe:/h:kyocera:printer:-"
}
}
}
],
"category": "vendor",
"name": "Kyocera"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T033107",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46921",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46921"
},
{
"cve": "CVE-2021-46922",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46922"
},
{
"cve": "CVE-2021-46923",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46923"
},
{
"cve": "CVE-2021-46924",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46924"
},
{
"cve": "CVE-2021-46925",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46925"
},
{
"cve": "CVE-2021-46926",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46926"
},
{
"cve": "CVE-2021-46927",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46927"
},
{
"cve": "CVE-2021-46928",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46928"
},
{
"cve": "CVE-2021-46929",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46929"
},
{
"cve": "CVE-2021-46930",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46930"
},
{
"cve": "CVE-2021-46931",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46931"
},
{
"cve": "CVE-2021-46932",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46932"
},
{
"cve": "CVE-2021-46933",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46933"
},
{
"cve": "CVE-2021-46934",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46934"
},
{
"cve": "CVE-2021-46935",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46935"
},
{
"cve": "CVE-2021-46936",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46936"
},
{
"cve": "CVE-2021-46937",
"product_status": {
"known_affected": [
"T015471",
"T014381",
"T002207",
"67646",
"T000126",
"T033107",
"T024663",
"T034583",
"398363",
"T004914"
]
},
"release_date": "2024-02-26T23:00:00.000+00:00",
"title": "CVE-2021-46937"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…