cvelistv5 - cve-2021-30178

CVE-2021-30178 (GCVE-0-2021-30178)

Vulnerability from cvelistv5

Published

2021-04-06 23:29

Modified

2024-08-03 22:24

Severity ?

CWE

Summary

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

cnvd-2021-31922

Vulnerability from cnvd

Title

Linux kernel空指针解引用漏洞（CNVD-2021-31922）

Description

Linux kernel是一种计算机操作系统内核，以C语言和汇编语言写成，符合POSIX标准，按GNU通用公共许可证发行。 Linux kernel 5.11.11及更早版本中的arch/x86/kvm/hyperv.c中的synic_get存在空指针解引用漏洞。目前没有详细的漏洞细节提供。

Severity

低

Patch Name

Linux kernel空指针解引用漏洞（CNVD-2021-31922）的补丁

Patch Description

Linux kernel是一种计算机操作系统内核，以C语言和汇编语言写成，符合POSIX标准，按GNU通用公共许可证发行。 Linux kernel 5.11.11及更早版本中的arch/x86/kvm/hyperv.c中的synic_get存在空指针解引用漏洞。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新：https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-30178

Impacted products

Name
Linux Linux kernel <=5.11.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-30178",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-30178"
    }
  },
  "description": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\n\nLinux kernel 5.11.11\u53ca\u66f4\u65e9\u7248\u672c\u4e2d\u7684arch/x86/kvm/hyperv.c\u4e2d\u7684synic_get\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-31922",
  "openTime": "2021-04-29",
  "patchDescription": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\r\n\r\nLinux kernel 5.11.11\u53ca\u66f4\u65e9\u7248\u672c\u4e2d\u7684arch/x86/kvm/hyperv.c\u4e2d\u7684synic_get\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2021-31922\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux  Linux kernel \u003c=5.11.11"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-30178",
  "serverity": "\u4f4e",
  "submitTime": "2021-04-07",
  "title": "Linux kernel\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2021-31922\uff09"
}

wid-sec-w-2022-2072

Vulnerability from csaf_certbund

Published

2021-04-06 22:00

Modified

2024-07-02 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2072 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-2072.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2072 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2072"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1572-1 vom 2021-05-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008763.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1596-1 vom 2021-05-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008770.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1573-1 vom 2021-05-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008764.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1595-1 vom 2021-05-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008769.html"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0774a964ef561b7170d8d1b1bfe6f88002b6d219"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7be74942f184fdfba34ddd19a0d995deb34d4a03"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e72436bc3a5206f95bb384e741154166ddb3202e"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30178"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36313"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36312"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36311"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36310"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1605-1 vom 2021-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008775.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Bug-Tracker 1947982 vom 2021-04-09",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947982"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1617-1 vom 2021-05-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008777.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1624-1 vom 2021-05-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008781.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1623-1 vom 2021-05-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008780.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1625-1 vom 2021-05-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008782.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1211-1 vom 2021-04-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008642.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1210-1 vom 2021-04-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008641.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1238-1 vom 2021-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008645.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1248-1 vom 2021-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008651.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1266-1 vom 2021-04-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008657.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1301-1 vom 2021-04-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008670.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9306 vom 2021-06-15",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9306.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9307 vom 2021-06-15",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9307.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1975-1 vom 2021-06-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009015.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1977-1 vom 2021-06-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009018.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5120-1 vom 2021-10-22",
        "url": "https://ubuntu.com/security/notices/USN-5120-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4941 vom 2021-07-20",
        "url": "https://lists.debian.org/debian-security-announce/2021/msg00124.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2714 vom 2021-07-20",
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5071-1 vom 2021-09-09",
        "url": "https://ubuntu.com/security/notices/USN-5071-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5071-2 vom 2021-09-16",
        "url": "https://ubuntu.com/security/notices/USN-5071-2"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9451 vom 2021-09-16",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9451.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9450 vom 2021-09-16",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9450.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2022-006 vom 2022-01-31",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-006.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5095 vom 2022-03-09",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00062.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9999 vom 2022-11-16",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9999.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-02T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:38:16.928+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-2072",
      "initial_release_date": "2021-04-06T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-04-06T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-04-11T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-04-15T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-04-18T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-04-20T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-04-21T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-13T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-16T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-17T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-18T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-06-14T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-06-15T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-07-20T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-09-08T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-09-16T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
        },
        {
          "date": "2021-10-21T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-01-30T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-03-09T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-11-16T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-02T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "23"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.11",
                "product": {
                  "name": "Dell NetWorker \u003c19.11",
                  "product_id": "T035785"
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.7",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.7",
                  "product_id": "790655"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.8",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.8",
                  "product_id": "839976"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.8.10",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.8.10",
                  "product_id": "859660"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=5.11.11",
                "product": {
                  "name": "Open Source Linux Kernel \u003c=5.11.11",
                  "product_id": "T018740"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.9",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.9",
                  "product_id": "T018797"
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-36310",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche in \"arch/x86/kvm/svm/svm.c\" besteht und eine Endlos-Schleife f\u00fcr bestimmte verschachtelte Seitenfehler erm\u00f6glicht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "T035785"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2020-36310"
    },
    {
      "cve": "CVE-2020-36311",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche in \"arch/x86/kvm/svm/sev.c\" auftritt. Wenn eine gro\u00dfe SEV VM gel\u00f6scht wird, m\u00fcssen einige verschl\u00fcsselte Regionen deregistriert werden, wodurch ein Denial of Service Zustand herbeigef\u00fchrt werden kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "859660",
          "839976",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "790655",
          "T035785"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2020-36311"
    },
    {
      "cve": "CVE-2020-36312",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche in \"virt/kvm/kvm_main.c\" auftritt und auf ein Speicherleck zur\u00fcckzuf\u00fchren ist, welches bei einem fehlerhaften \"malloc\" auftritt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "839976",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "790655",
          "T035785"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2020-36312"
    },
    {
      "cve": "CVE-2020-36313",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche im KVM Subsystem liegt. Das KVM Subsystem erlaubt den Out-of-Range-Zugriff auf Memslots, nachdem diese gel\u00f6scht wurden. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "T035785"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2020-36313"
    },
    {
      "cve": "CVE-2021-30178",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche aufgrund einer NULL-Zeiger-Dereferenzierung f\u00fcr bestimmte Zugriffe auf den \"SynIC Hyper-V\" Kontext besteht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "859660",
          "839976",
          "T018797",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "790655",
          "T035785"
        ],
        "last_affected": [
          "T018740"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2021-30178"
    }
  ]
}

WID-SEC-W-2022-2072

Vulnerability from csaf_certbund

Published

2021-04-06 22:00

Modified

2024-07-02 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2072 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-2072.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2072 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2072"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1572-1 vom 2021-05-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008763.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1596-1 vom 2021-05-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008770.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1573-1 vom 2021-05-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008764.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1595-1 vom 2021-05-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008769.html"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0774a964ef561b7170d8d1b1bfe6f88002b6d219"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7be74942f184fdfba34ddd19a0d995deb34d4a03"
      },
      {
        "category": "external",
        "summary": "Kernel Git vom 2021-04-06",
        "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e72436bc3a5206f95bb384e741154166ddb3202e"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30178"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36313"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36312"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36311"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2021-04-06",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36310"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1605-1 vom 2021-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008775.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Bug-Tracker 1947982 vom 2021-04-09",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947982"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1617-1 vom 2021-05-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008777.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1624-1 vom 2021-05-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008781.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1623-1 vom 2021-05-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008780.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1625-1 vom 2021-05-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008782.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1211-1 vom 2021-04-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008642.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1210-1 vom 2021-04-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008641.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1238-1 vom 2021-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008645.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1248-1 vom 2021-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008651.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1266-1 vom 2021-04-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008657.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1301-1 vom 2021-04-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008670.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9306 vom 2021-06-15",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9306.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9307 vom 2021-06-15",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9307.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1975-1 vom 2021-06-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009015.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1977-1 vom 2021-06-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009018.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5120-1 vom 2021-10-22",
        "url": "https://ubuntu.com/security/notices/USN-5120-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4941 vom 2021-07-20",
        "url": "https://lists.debian.org/debian-security-announce/2021/msg00124.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2714 vom 2021-07-20",
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5071-1 vom 2021-09-09",
        "url": "https://ubuntu.com/security/notices/USN-5071-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5071-2 vom 2021-09-16",
        "url": "https://ubuntu.com/security/notices/USN-5071-2"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9451 vom 2021-09-16",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9451.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9450 vom 2021-09-16",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9450.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2022-006 vom 2022-01-31",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-006.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5095 vom 2022-03-09",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00062.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9999 vom 2022-11-16",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9999.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-02T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:38:16.928+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-2072",
      "initial_release_date": "2021-04-06T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-04-06T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-04-11T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-04-15T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-04-18T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-04-20T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-04-21T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-13T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-16T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-17T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-18T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-06-14T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-06-15T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-07-20T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-09-08T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-09-16T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
        },
        {
          "date": "2021-10-21T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-01-30T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-03-09T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-11-16T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-02T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "23"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.11",
                "product": {
                  "name": "Dell NetWorker \u003c19.11",
                  "product_id": "T035785"
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.7",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.7",
                  "product_id": "790655"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.8",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.8",
                  "product_id": "839976"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.8.10",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.8.10",
                  "product_id": "859660"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=5.11.11",
                "product": {
                  "name": "Open Source Linux Kernel \u003c=5.11.11",
                  "product_id": "T018740"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.9",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.9",
                  "product_id": "T018797"
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-36310",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche in \"arch/x86/kvm/svm/svm.c\" besteht und eine Endlos-Schleife f\u00fcr bestimmte verschachtelte Seitenfehler erm\u00f6glicht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "T035785"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2020-36310"
    },
    {
      "cve": "CVE-2020-36311",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche in \"arch/x86/kvm/svm/sev.c\" auftritt. Wenn eine gro\u00dfe SEV VM gel\u00f6scht wird, m\u00fcssen einige verschl\u00fcsselte Regionen deregistriert werden, wodurch ein Denial of Service Zustand herbeigef\u00fchrt werden kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "859660",
          "839976",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "790655",
          "T035785"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2020-36311"
    },
    {
      "cve": "CVE-2020-36312",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche in \"virt/kvm/kvm_main.c\" auftritt und auf ein Speicherleck zur\u00fcckzuf\u00fchren ist, welches bei einem fehlerhaften \"malloc\" auftritt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "839976",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "790655",
          "T035785"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2020-36312"
    },
    {
      "cve": "CVE-2020-36313",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche im KVM Subsystem liegt. Das KVM Subsystem erlaubt den Out-of-Range-Zugriff auf Memslots, nachdem diese gel\u00f6scht wurden. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "T035785"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2020-36313"
    },
    {
      "cve": "CVE-2021-30178",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel, welche aufgrund einer NULL-Zeiger-Dereferenzierung f\u00fcr bestimmte Zugriffe auf den \"SynIC Hyper-V\" Kontext besteht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "859660",
          "839976",
          "T018797",
          "2951",
          "T002207",
          "T000126",
          "398363",
          "T004914",
          "790655",
          "T035785"
        ],
        "last_affected": [
          "T018740"
        ]
      },
      "release_date": "2021-04-06T22:00:00.000+00:00",
      "title": "CVE-2021-30178"
    }
  ]
}

msrc_cve-2021-30178

Vulnerability from csaf_microsoft

Published

2021-04-02 00:00

Modified

2023-03-10 00:00

Summary

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context aka CID-919f4ebc5987.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2021-30178 An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context aka CID-919f4ebc5987. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-30178.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context aka CID-919f4ebc5987.",
    "tracking": {
      "current_release_date": "2023-03-10T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T21:54:18.967Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2021-30178",
      "initial_release_date": "2021-04-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-04-14T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2021-12-16T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added kernel to CBL-Mariner 2.0"
        },
        {
          "date": "2023-03-10T00:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 kernel 5.10.60.1-1",
                "product": {
                  "name": "\u003ccm1 kernel 5.10.60.1-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 kernel 5.10.60.1-1",
                "product": {
                  "name": "cm1 kernel 5.10.60.1-1",
                  "product_id": "16919"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 kernel 5.10.78.1-1",
                "product": {
                  "name": "\u003ccbl2 kernel 5.10.78.1-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 kernel 5.10.78.1-1",
                "product": {
                  "name": "cbl2 kernel 5.10.78.1-1",
                  "product_id": "16920"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 kernel 5.10.60.1-1 as a component of CBL Mariner 1.0",
          "product_id": "16820-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 kernel 5.10.60.1-1 as a component of CBL Mariner 1.0",
          "product_id": "16919-16820"
        },
        "product_reference": "16919",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 kernel 5.10.78.1-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kernel 5.10.78.1-1 as a component of CBL Mariner 2.0",
          "product_id": "16920-17086"
        },
        "product_reference": "16920",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-30178",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16919-16820",
          "16920-17086"
        ],
        "known_affected": [
          "16820-2",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-30178 An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context aka CID-919f4ebc5987. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-30178.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-14T00:00:00.000Z",
          "details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2021-04-14T00:00:00.000Z",
          "details": "5.10.78.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "16820-2",
            "17086-1"
          ]
        }
      ],
      "title": "An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context aka CID-919f4ebc5987."
    }
  ]
}

ghsa-5qhm-686w-6256

Vulnerability from github

Published

2022-05-24 17:46

Modified

2022-05-24 17:46

Details

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-30178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-07T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.",
  "id": "GHSA-5qhm-686w-6256",
  "modified": "2022-05-24T17:46:49Z",
  "published": "2022-05-24T17:46:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30178"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2021-30178

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.

Aliases

CVE-2021-30178

Aliases

CVE-2021-30178

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30178",
    "description": "An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.",
    "id": "GSD-2021-30178",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-30178.html",
      "https://security.archlinux.org/CVE-2021-30178"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30178"
      ],
      "details": "An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.",
      "id": "GSD-2021-30178",
      "modified": "2023-12-13T01:23:31.024699Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-30178",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918",
            "refsource": "MISC",
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918"
          },
          {
            "name": "FEDORA-2021-e71c033f88",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/"
          },
          {
            "name": "FEDORA-2021-57a7ba61f8",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS/"
          },
          {
            "name": "FEDORA-2021-8b64847a44",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.11.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30178"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918"
            },
            {
              "name": "FEDORA-2021-57a7ba61f8",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS/"
            },
            {
              "name": "FEDORA-2021-e71c033f88",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/"
            },
            {
              "name": "FEDORA-2021-8b64847a44",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-06-04T19:03Z",
      "publishedDate": "2021-04-07T00:15Z"
    }
  }
}

fkie_cve-2021-30178

Vulnerability from fkie_nvd

Published

2021-04-07 00:15

Modified

2024-11-21 06:03

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.

References

URL	Tags
cve@mitre.org	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918	Patch, Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
fedoraproject	fedora	32
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C0B5610-E1DE-43FF-818E-4D626E2D2DE0",
              "versionEndIncluding": "5.11.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.11.11.\u0026#xa0;La funci\u00f3n synic_get en el archivo arch/x86/kvm/hyperv.c presenta una desreferencia de puntero NULL para determinados accesos en el contexto SynIC Hyper-V, tambi\u00e9n se conoce como CID-919f4ebc5987"
    }
  ],
  "id": "CVE-2021-30178",
  "lastModified": "2024-11-21T06:03:28.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-07T00:15:13.367",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-30178 (GCVE-0-2021-30178)

Vulnerability from cvelistv5

cnvd-2021-31922

Vulnerability from cnvd

wid-sec-w-2022-2072

Vulnerability from csaf_certbund

WID-SEC-W-2022-2072

Vulnerability from csaf_certbund

msrc_cve-2021-30178

Vulnerability from csaf_microsoft

ghsa-5qhm-686w-6256

Vulnerability from github

gsd-2021-30178

Vulnerability from gsd

fkie_cve-2021-30178

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature