cvelistv5 - cve-2021-45469

CVE-2021-45469 (GCVE-0-2021-45469)

Vulnerability from cvelistv5

Published

2021-12-23 18:45

Modified

2024-08-04 04:39

Severity ?

CWE

Summary

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

References

URL

Tags

cve@mitre.org	http://www.openwall.com/lists/oss-security/2021/12/25/1	Mailing List, Third Party Advisory
cve@mitre.org	https://bugzilla.kernel.org/show_bug.cgi?id=215235	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/
cve@mitre.org	https://security.netapp.com/advisory/ntap-20220114-0003/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5050	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5096	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/25/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.kernel.org/show_bug.cgi?id=215235	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220114-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5050	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5096	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:21.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215235"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1"
          },
          {
            "name": "[oss-security] 20211224 CVE-2021-45469: Linux kernel: an out-of-bounds memory access in fs/f2fs/xattr.c __f2fs_setxattr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/25/1"
          },
          {
            "name": "FEDORA-2021-a7a558062e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/"
          },
          {
            "name": "FEDORA-2021-c387682aa1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220114-0003/"
          },
          {
            "name": "DSA-5050",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5050"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-10T02:06:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215235"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1"
        },
        {
          "name": "[oss-security] 20211224 CVE-2021-45469: Linux kernel: an out-of-bounds memory access in fs/f2fs/xattr.c __f2fs_setxattr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/25/1"
        },
        {
          "name": "FEDORA-2021-a7a558062e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/"
        },
        {
          "name": "FEDORA-2021-c387682aa1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220114-0003/"
        },
        {
          "name": "DSA-5050",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5050"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45469",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=215235",
              "refsource": "MISC",
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215235"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1"
            },
            {
              "name": "[oss-security] 20211224 CVE-2021-45469: Linux kernel: an out-of-bounds memory access in fs/f2fs/xattr.c __f2fs_setxattr",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/25/1"
            },
            {
              "name": "FEDORA-2021-a7a558062e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/"
            },
            {
              "name": "FEDORA-2021-c387682aa1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220114-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220114-0003/"
            },
            {
              "name": "DSA-5050",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5050"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
            },
            {
              "name": "DSA-5096",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45469",
    "datePublished": "2021-12-23T18:45:57",
    "dateReserved": "2021-12-23T00:00:00",
    "dateUpdated": "2024-08-04T04:39:21.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-45469\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-12-23T19:15:12.693\",\"lastModified\":\"2024-11-21T06:32:16.480\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.\"},{\"lang\":\"es\",\"value\":\"En la funci\u00f3n __f2fs_setxattr en el archivo fs/f2fs/xattr.c en el kernel de Linux versiones hasta 5.15.11, se presenta un acceso a memoria fuera de l\u00edmites cuando un inodo presenta una \u00faltima entrada xattr no v\u00e1lida\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.15.11\",\"matchCriteriaId\":\"53CAA22E-A82B-43CD-A68E-9434DEE424B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/12/25/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.kernel.org/show_bug.cgi?id=215235\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220114-0003/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5050\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5096\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/12/25/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.kernel.org/show_bug.cgi?id=215235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220114-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

msrc_cve-2021-45469

Vulnerability from csaf_microsoft

Published

2021-12-02 00:00

Modified

2022-01-05 00:00

Summary

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11 there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2021-45469 In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11 there is an out-of-bounds memory access when an inode has an invalid last xattr entry. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-45469.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11 there is an out-of-bounds memory access when an inode has an invalid last xattr entry.",
    "tracking": {
      "current_release_date": "2022-01-05T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T22:29:46.217Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2021-45469",
      "initial_release_date": "2021-12-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-01-05T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 kernel 5.10.89.1-2",
                "product": {
                  "name": "\u003ccm1 kernel 5.10.89.1-2",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 kernel 5.10.89.1-2",
                "product": {
                  "name": "cm1 kernel 5.10.89.1-2",
                  "product_id": "18909"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 kernel 5.15.18.1-1",
                "product": {
                  "name": "\u003ccbl2 kernel 5.15.18.1-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 kernel 5.15.18.1-1",
                "product": {
                  "name": "cbl2 kernel 5.15.18.1-1",
                  "product_id": "18809"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 kernel 5.10.89.1-2 as a component of CBL Mariner 1.0",
          "product_id": "16820-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 kernel 5.10.89.1-2 as a component of CBL Mariner 1.0",
          "product_id": "18909-16820"
        },
        "product_reference": "18909",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 kernel 5.15.18.1-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kernel 5.15.18.1-1 as a component of CBL Mariner 2.0",
          "product_id": "18809-17086"
        },
        "product_reference": "18809",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-45469",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "18909-16820",
          "18809-17086"
        ],
        "known_affected": [
          "16820-1",
          "17086-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-45469 In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11 there is an out-of-bounds memory access when an inode has an invalid last xattr entry. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-45469.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-05T00:00:00.000Z",
          "details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2022-01-05T00:00:00.000Z",
          "details": "5.15.18.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "16820-1",
            "17086-2"
          ]
        }
      ],
      "title": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11 there is an out-of-bounds memory access when an inode has an invalid last xattr entry."
    }
  ]
}

CERTFR-2022-AVI-231

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Debian	N/A	Debian stable (bullseye) versions antérieures à 5.10.103-1
	Debian	N/A	Debian oldstable (buster) versions antérieures à 4.19.232-1

References

Title

Publication Time

Tags

Bulletin de sécurité Debian dsa-5095 du 09 mars 2022	None	vendor-advisory
Bulletin de sécurité Debian dsa-5096 du 09 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Debian stable (bullseye) versions ant\u00e9rieures \u00e0 5.10.103-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    },
    {
      "description": "Debian oldstable (buster) versions ant\u00e9rieures \u00e0 4.19.232-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
    },
    {
      "name": "CVE-2021-20317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
    },
    {
      "name": "CVE-2021-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
    },
    {
      "name": "CVE-2021-4202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4202"
    },
    {
      "name": "CVE-2021-41864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
    },
    {
      "name": "CVE-2021-38300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38300"
    },
    {
      "name": "CVE-2022-0644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0644"
    },
    {
      "name": "CVE-2021-45095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
    },
    {
      "name": "CVE-2022-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0002"
    },
    {
      "name": "CVE-2022-0487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0487"
    },
    {
      "name": "CVE-2021-3760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3760"
    },
    {
      "name": "CVE-2021-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
    },
    {
      "name": "CVE-2021-43975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
    },
    {
      "name": "CVE-2021-4135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
    },
    {
      "name": "CVE-2021-28713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
    },
    {
      "name": "CVE-2021-4002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2021-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3772"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2020-36310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36310"
    },
    {
      "name": "CVE-2021-20321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20321"
    },
    {
      "name": "CVE-2021-44733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
    },
    {
      "name": "CVE-2021-28712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
    },
    {
      "name": "CVE-2021-45480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45480"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2021-39713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39713"
    },
    {
      "name": "CVE-2022-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0322"
    },
    {
      "name": "CVE-2021-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3640"
    },
    {
      "name": "CVE-2022-25258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25258"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2020-36322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
    },
    {
      "name": "CVE-2022-25636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25636"
    },
    {
      "name": "CVE-2020-29374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29374"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2021-43976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
    },
    {
      "name": "CVE-2021-42739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
    },
    {
      "name": "CVE-2021-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
    },
    {
      "name": "CVE-2021-22600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22600"
    },
    {
      "name": "CVE-2021-45469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45469"
    },
    {
      "name": "CVE-2022-24448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24448"
    },
    {
      "name": "CVE-2022-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0001"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2021-39685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
    },
    {
      "name": "CVE-2022-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
    },
    {
      "name": "CVE-2021-39698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39698"
    },
    {
      "name": "CVE-2021-3764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
    },
    {
      "name": "CVE-2021-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
    },
    {
      "name": "CVE-2022-0617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0617"
    },
    {
      "name": "CVE-2022-25375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25375"
    },
    {
      "name": "CVE-2021-39686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39686"
    },
    {
      "name": "CVE-2021-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3744"
    },
    {
      "name": "CVE-2021-28715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
    },
    {
      "name": "CVE-2022-24959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24959"
    },
    {
      "name": "CVE-2021-43389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43389"
    }
  ],
  "initial_release_date": "2022-03-10T00:00:00",
  "last_revision_date": "2022-03-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-231",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-5095 du 09 mars 2022",
      "url": "https://www.debian.org/security/2022/dsa-5095"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-5096 du 09 mars 2022",
      "url": "https://www.debian.org/security/2022/dsa-5096"
    }
  ]
}

CERTFR-2022-AVI-343

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Ubuntu	Ubuntu	Ubuntu 20.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-5377-1 du 13 avril 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
    },
    {
      "name": "CVE-2022-27666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27666"
    },
    {
      "name": "CVE-2021-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
    },
    {
      "name": "CVE-2021-4135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
    },
    {
      "name": "CVE-2021-28713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
    },
    {
      "name": "CVE-2021-44733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
    },
    {
      "name": "CVE-2021-28712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
    },
    {
      "name": "CVE-2021-45480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45480"
    },
    {
      "name": "CVE-2021-43976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
    },
    {
      "name": "CVE-2021-45469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45469"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2022-1055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1055"
    },
    {
      "name": "CVE-2022-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
    },
    {
      "name": "CVE-2021-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
    },
    {
      "name": "CVE-2021-28715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
    }
  ],
  "initial_release_date": "2022-04-14T00:00:00",
  "last_revision_date": "2022-04-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-343",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5377-1 du 13 avril 2022",
      "url": "https://ubuntu.com/security/notices/USN-5377-1"
    }
  ]
}

CERTFR-2022-AVI-264

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Debian	N/A	Debian 9 stretch LTS versions antérieures à 4.19.232-1~deb9u1
	Debian	N/A	Debian 9 stretch versions antérieures à 4.9.303-1

References

Title

Publication Time

Tags

Bulletin de sécurité le noyau Linux de Debian dla-2940 du 09 mars 2022	None	vendor-advisory
Bulletin de sécurité le noyau Linux de Debian dla-2941 du 09 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Debian 9 stretch LTS versions ant\u00e9rieures \u00e0 4.19.232-1~deb9u1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    },
    {
      "description": "Debian 9 stretch versions ant\u00e9rieures \u00e0 4.9.303-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
    },
    {
      "name": "CVE-2021-20317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
    },
    {
      "name": "CVE-2021-29264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29264"
    },
    {
      "name": "CVE-2021-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
    },
    {
      "name": "CVE-2021-4202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4202"
    },
    {
      "name": "CVE-2021-41864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
    },
    {
      "name": "CVE-2021-38300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38300"
    },
    {
      "name": "CVE-2022-0644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0644"
    },
    {
      "name": "CVE-2021-45095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
    },
    {
      "name": "CVE-2022-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0002"
    },
    {
      "name": "CVE-2022-0487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0487"
    },
    {
      "name": "CVE-2021-3760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3760"
    },
    {
      "name": "CVE-2021-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
    },
    {
      "name": "CVE-2021-43975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
    },
    {
      "name": "CVE-2021-4135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
    },
    {
      "name": "CVE-2021-28713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
    },
    {
      "name": "CVE-2021-4002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2021-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3772"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2021-39714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39714"
    },
    {
      "name": "CVE-2021-20321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20321"
    },
    {
      "name": "CVE-2021-44733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
    },
    {
      "name": "CVE-2021-28712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
    },
    {
      "name": "CVE-2021-45480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45480"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2021-39713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39713"
    },
    {
      "name": "CVE-2022-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0322"
    },
    {
      "name": "CVE-2021-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3640"
    },
    {
      "name": "CVE-2022-25258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25258"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2020-36322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
    },
    {
      "name": "CVE-2020-29374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29374"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2021-43976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
    },
    {
      "name": "CVE-2021-42739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
    },
    {
      "name": "CVE-2021-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
    },
    {
      "name": "CVE-2021-22600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22600"
    },
    {
      "name": "CVE-2021-45469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45469"
    },
    {
      "name": "CVE-2022-24448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24448"
    },
    {
      "name": "CVE-2022-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0001"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2021-39685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
    },
    {
      "name": "CVE-2022-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
    },
    {
      "name": "CVE-2021-39698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39698"
    },
    {
      "name": "CVE-2021-3764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
    },
    {
      "name": "CVE-2021-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
    },
    {
      "name": "CVE-2022-0617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0617"
    },
    {
      "name": "CVE-2022-25375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25375"
    },
    {
      "name": "CVE-2021-39686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39686"
    },
    {
      "name": "CVE-2021-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3744"
    },
    {
      "name": "CVE-2021-28715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
    },
    {
      "name": "CVE-2021-33033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
    },
    {
      "name": "CVE-2022-24959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24959"
    },
    {
      "name": "CVE-2021-43389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43389"
    }
  ],
  "initial_release_date": "2022-03-23T00:00:00",
  "last_revision_date": "2022-03-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-264",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Debian dla-2940 du 09 mars 2022",
      "url": "https://www.debian.org/lts/security/2022/dla-2940"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Debian dla-2941 du 09 mars 2022",
      "url": "https://www.debian.org/lts/security/2022/dla-2941"
    }
  ]
}

CERTFR-2022-AVI-265

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 ESM
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 21.10
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité le noyau Linux de Ubuntu USN-5343-1 du 22 mars 2022	None	vendor-advisory
Bulletin de sécurité le noyau Linux de Ubuntu USN-5339-1 du 22 mars 2022	None	vendor-advisory
Bulletin de sécurité le noyau Linux de Ubuntu USN-5338-1 du 22 mars 2022	None	vendor-advisory
Bulletin de sécurité le noyau Linux de Ubuntu USN-5337-1 du 22 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 21.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-38208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38208"
    },
    {
      "name": "CVE-2021-20317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
    },
    {
      "name": "CVE-2020-26139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
    },
    {
      "name": "CVE-2021-45485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
    },
    {
      "name": "CVE-2021-33034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
    },
    {
      "name": "CVE-2021-34693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
    },
    {
      "name": "CVE-2020-25672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25672"
    },
    {
      "name": "CVE-2021-3679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3679"
    },
    {
      "name": "CVE-2021-3483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3483"
    },
    {
      "name": "CVE-2021-38204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
    },
    {
      "name": "CVE-2020-36385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
    },
    {
      "name": "CVE-2021-45095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2021-38160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38160"
    },
    {
      "name": "CVE-2018-5995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5995"
    },
    {
      "name": "CVE-2020-12655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12655"
    },
    {
      "name": "CVE-2021-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
    },
    {
      "name": "CVE-2021-43975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
    },
    {
      "name": "CVE-2021-4135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
    },
    {
      "name": "CVE-2021-28713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
    },
    {
      "name": "CVE-2021-45402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45402"
    },
    {
      "name": "CVE-2022-0264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0264"
    },
    {
      "name": "CVE-2021-44733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
    },
    {
      "name": "CVE-2021-3506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3506"
    },
    {
      "name": "CVE-2021-28712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
    },
    {
      "name": "CVE-2021-33098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
    },
    {
      "name": "CVE-2022-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0516"
    },
    {
      "name": "CVE-2021-0129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
    },
    {
      "name": "CVE-2021-45480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45480"
    },
    {
      "name": "CVE-2021-40490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40490"
    },
    {
      "name": "CVE-2020-25671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25671"
    },
    {
      "name": "CVE-2021-38198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38198"
    },
    {
      "name": "CVE-2021-29650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
    },
    {
      "name": "CVE-2020-36322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2021-43976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
    },
    {
      "name": "CVE-2020-26558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
    },
    {
      "name": "CVE-2021-28688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28688"
    },
    {
      "name": "CVE-2021-45469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45469"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2021-39685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
    },
    {
      "name": "CVE-2020-26147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
    },
    {
      "name": "CVE-2022-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
    },
    {
      "name": "CVE-2021-3612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3612"
    },
    {
      "name": "CVE-2016-2854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2854"
    },
    {
      "name": "CVE-2021-39698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39698"
    },
    {
      "name": "CVE-2022-0382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0382"
    },
    {
      "name": "CVE-2021-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
    },
    {
      "name": "CVE-2020-25670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25670"
    },
    {
      "name": "CVE-2021-42008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42008"
    },
    {
      "name": "CVE-2021-28972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28972"
    },
    {
      "name": "CVE-2021-23134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
    },
    {
      "name": "CVE-2021-32399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
    },
    {
      "name": "CVE-2021-20292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20292"
    },
    {
      "name": "CVE-2019-19449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19449"
    },
    {
      "name": "CVE-2020-26555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
    },
    {
      "name": "CVE-2021-28715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
    },
    {
      "name": "CVE-2021-33033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
    },
    {
      "name": "CVE-2016-2853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2853"
    },
    {
      "name": "CVE-2021-39648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39648"
    },
    {
      "name": "CVE-2021-4197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
    },
    {
      "name": "CVE-2020-25673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25673"
    },
    {
      "name": "CVE-2022-23222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
    },
    {
      "name": "CVE-2022-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0742"
    },
    {
      "name": "CVE-2021-43389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43389"
    }
  ],
  "initial_release_date": "2022-03-23T00:00:00",
  "last_revision_date": "2022-03-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-265",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nUbuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Ubuntu USN-5343-1 du 22 mars 2022",
      "url": "https://ubuntu.com/security/notices/USN-5343-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Ubuntu USN-5339-1 du 22 mars 2022",
      "url": "https://ubuntu.com/security/notices/USN-5339-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Ubuntu USN-5338-1 du 22 mars 2022",
      "url": "https://ubuntu.com/security/notices/USN-5338-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Ubuntu USN-5337-1 du 22 mars 2022",
      "url": "https://ubuntu.com/security/notices/USN-5337-1"
    }
  ]
}

CERTFR-2022-AVI-071

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Debian	N/A	Debian 11 (bullseye) versions antérieures à 5.10.92-1

References

Title

Publication Time

Tags

Bulletin de sécurité Debian dsa-5050 du 20 janvier 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Debian 11 (bullseye) versions ant\u00e9rieures \u00e0 5.10.92-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
    },
    {
      "name": "CVE-2021-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
    },
    {
      "name": "CVE-2021-28713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
    },
    {
      "name": "CVE-2022-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
    },
    {
      "name": "CVE-2021-28712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
    },
    {
      "name": "CVE-2021-45480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45480"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2021-45469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45469"
    },
    {
      "name": "CVE-2021-39685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
    },
    {
      "name": "CVE-2021-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
    },
    {
      "name": "CVE-2021-28715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
    },
    {
      "name": "CVE-2022-23222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
    }
  ],
  "initial_release_date": "2022-01-24T00:00:00",
  "last_revision_date": "2022-01-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-071",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-5050 du 20 janvier 2022",
      "url": "https://www.debian.org/security/2022/dsa-5050"
    }
  ]
}

cnvd-2022-00608

Vulnerability from cnvd

Title

Linux kernel存在未明漏洞（CNVD-2022-00608）

Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 5.15.11之前版本存在安全漏洞，该漏洞源于Linux内核的fs/f2fs/xattr.c中的__f2fs_setxattr，当一个inode有一个无效的最后一个xattr条目时，会有超出边界的内存访问，攻击者可利用该漏洞导致越界内存访问。

Severity

中

Patch Name

Linux kernel存在未明漏洞（CNVD-2022-00608）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://bugzilla.kernel.org/show_bug.cgi?id=215235

Reference

https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1

Impacted products

Name
Linux kernel <5.15.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-45469"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\n\nLinux kernel 5.15.11\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eLinux\u5185\u6838\u7684fs/f2fs/xattr.c\u4e2d\u7684__f2fs_setxattr\uff0c\u5f53\u4e00\u4e2ainode\u6709\u4e00\u4e2a\u65e0\u6548\u7684\u6700\u540e\u4e00\u4e2axattr\u6761\u76ee\u65f6\uff0c\u4f1a\u6709\u8d85\u51fa\u8fb9\u754c\u7684\u5185\u5b58\u8bbf\u95ee\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215235",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-00608",
  "openTime": "2022-01-05",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 5.15.11\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eLinux\u5185\u6838\u7684fs/f2fs/xattr.c\u4e2d\u7684__f2fs_setxattr\uff0c\u5f53\u4e00\u4e2ainode\u6709\u4e00\u4e2a\u65e0\u6548\u7684\u6700\u540e\u4e00\u4e2axattr\u6761\u76ee\u65f6\uff0c\u4f1a\u6709\u8d85\u51fa\u8fb9\u754c\u7684\u5185\u5b58\u8bbf\u95ee\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-00608\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux kernel \u003c5.15.11"
  },
  "referenceLink": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1",
  "serverity": "\u4e2d",
  "submitTime": "2021-12-27",
  "title": "Linux kernel\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-00608\uff09"
}

gsd-2021-45469

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

Aliases

CVE-2021-45469

Aliases

CVE-2021-45469

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-45469",
    "description": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.",
    "id": "GSD-2021-45469",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-45469.html",
      "https://www.debian.org/security/2022/dsa-5050",
      "https://www.debian.org/security/2022/dsa-5096",
      "https://advisories.mageia.org/CVE-2021-45469.html",
      "https://ubuntu.com/security/CVE-2021-45469"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-45469"
      ],
      "details": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.",
      "id": "GSD-2021-45469",
      "modified": "2023-12-13T01:23:19.313007Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-45469",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.kernel.org/show_bug.cgi?id=215235",
            "refsource": "MISC",
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215235"
          },
          {
            "name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1",
            "refsource": "MISC",
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1"
          },
          {
            "name": "[oss-security] 20211224 CVE-2021-45469: Linux kernel: an out-of-bounds memory access in fs/f2fs/xattr.c __f2fs_setxattr",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/12/25/1"
          },
          {
            "name": "FEDORA-2021-a7a558062e",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/"
          },
          {
            "name": "FEDORA-2021-c387682aa1",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20220114-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20220114-0003/"
          },
          {
            "name": "DSA-5050",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2022/dsa-5050"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5096",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2022/dsa-5096"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.15.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45469"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1"
            },
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=215235",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215235"
            },
            {
              "name": "[oss-security] 20211224 CVE-2021-45469: Linux kernel: an out-of-bounds memory access in fs/f2fs/xattr.c __f2fs_setxattr",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/25/1"
            },
            {
              "name": "FEDORA-2021-c387682aa1",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/"
            },
            {
              "name": "FEDORA-2021-a7a558062e",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220114-0003/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220114-0003/"
            },
            {
              "name": "DSA-5050",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5050"
            },
            {
              "name": "DSA-5096",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5096"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-06T14:11Z",
      "publishedDate": "2021-12-23T19:15Z"
    }
  }
}

ghsa-mvqq-5fjm-9rq9

Vulnerability from github

Published

2021-12-24 00:00

Modified

2022-03-17 00:06

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-45469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-23T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.",
  "id": "GHSA-mvqq-5fjm-9rq9",
  "modified": "2022-03-17T00:06:24Z",
  "published": "2021-12-24T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45469"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215235"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220114-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5050"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5096"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/12/25/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2021-45469

Vulnerability from fkie_nvd

Published

2021-12-23 19:15

Modified

2024-11-21 06:32

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2021/12/25/1	Mailing List, Third Party Advisory
cve@mitre.org	https://bugzilla.kernel.org/show_bug.cgi?id=215235	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/
cve@mitre.org	https://security.netapp.com/advisory/ntap-20220114-0003/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5050	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5096	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/25/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.kernel.org/show_bug.cgi?id=215235	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220114-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5050	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5096	Third Party Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
fedoraproject	fedora	34
fedoraproject	fedora	35
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	h410c_firmware	-
netapp	h410c	-
netapp	h300s_firmware	-
netapp	h300s	-
netapp	h500s_firmware	-
netapp	h500s	-
netapp	h700s_firmware	-
netapp	h700s	-
netapp	h300e_firmware	-
netapp	h300e	-
netapp	h500e_firmware	-
netapp	h500e	-
netapp	h700e_firmware	-
netapp	h700e	-
netapp	h410s_firmware	-
netapp	h410s	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53CAA22E-A82B-43CD-A68E-9434DEE424B2",
              "versionEndIncluding": "5.15.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry."
    },
    {
      "lang": "es",
      "value": "En la funci\u00f3n __f2fs_setxattr en el archivo fs/f2fs/xattr.c en el kernel de Linux versiones hasta 5.15.11, se presenta un acceso a memoria fuera de l\u00edmites cuando un inodo presenta una \u00faltima entrada xattr no v\u00e1lida"
    }
  ],
  "id": "CVE-2021-45469",
  "lastModified": "2024-11-21T06:32:16.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-23T19:15:12.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/25/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215235"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220114-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5050"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/25/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.kernel.org/show_bug.cgi?id=215235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev\u0026id=5598b24efaf4892741c798b425d543e4bed357a1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220114-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5096"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-45469 (GCVE-0-2021-45469)

Vulnerability from cvelistv5

Vulnerability from csaf_microsoft

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from cnvd

Vulnerability from gsd

Vulnerability from github

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature