csaf_suse - suse-su-2021:2198-1

suse-su-2021:2198-1

Vulnerability from csaf_suse

Published

2021-06-29 08:59

Modified

2021-06-29 08:59

Summary

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)

Description of the patch

This update for the Linux Kernel 5.3.18-57 fixes several issues. The following issues were fixed: - CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve did not check that the allocated size was smaller than the ringbuf size (bsc#1185640). - CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds (bsc#1185641). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593). - Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185847).

Patchnames

SUSE-2021-2198,SUSE-SLE-Module-Live-Patching-15-SP3-2021-2198

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.3.18-57 fixes several issues.\n\nThe following issues were fixed:\n\n- CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve did not check that the allocated size was smaller than the ringbuf size (bsc#1185640).\n- CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds (bsc#1185641).\n- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111).\n- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611).\n- CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211).\n- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).\n- Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185847).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-2198,SUSE-SLE-Module-Live-Patching-15-SP3-2021-2198",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2198-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:2198-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212198-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:2198-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009102.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183658",
        "url": "https://bugzilla.suse.com/1183658"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184710",
        "url": "https://bugzilla.suse.com/1184710"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184952",
        "url": "https://bugzilla.suse.com/1184952"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185796",
        "url": "https://bugzilla.suse.com/1185796"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185847",
        "url": "https://bugzilla.suse.com/1185847"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185856",
        "url": "https://bugzilla.suse.com/1185856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185899",
        "url": "https://bugzilla.suse.com/1185899"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186285",
        "url": "https://bugzilla.suse.com/1186285"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-36322 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-36322/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28660 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28660/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-29154 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-29154/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-32399 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-32399/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-33034 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-33034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3489 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3489/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3490 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3490/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)",
    "tracking": {
      "current_release_date": "2021-06-29T08:59:01Z",
      "generator": {
        "date": "2021-06-29T08:59:01Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:2198-1",
      "initial_release_date": "2021-06-29T08:59:01Z",
      "revision_history": [
        {
          "date": "2021-06-29T08:59:01Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
                  "product_id": "kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
                  "product_id": "kernel-livepatch-5_3_18-57-default-2-3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-57-default-2-3.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-57-default-2-3.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-57-preempt-2-3.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-57-preempt-2-3.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-57-preempt-2-3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-57-default-2-3.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-57-default-2-3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_3_18-57-default-2-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-36322",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-36322"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-36322",
          "url": "https://www.suse.com/security/cve/CVE-2020-36322"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184211 for CVE-2020-36322",
          "url": "https://bugzilla.suse.com/1184211"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184952 for CVE-2020-36322",
          "url": "https://bugzilla.suse.com/1184952"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189302 for CVE-2020-36322",
          "url": "https://bugzilla.suse.com/1189302"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-06-29T08:59:01Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-36322"
    },
    {
      "cve": "CVE-2021-28660",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28660"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -\u003essid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28660",
          "url": "https://www.suse.com/security/cve/CVE-2021-28660"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183593 for CVE-2021-28660",
          "url": "https://bugzilla.suse.com/1183593"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183658 for CVE-2021-28660",
          "url": "https://bugzilla.suse.com/1183658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-06-29T08:59:01Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-28660"
    },
    {
      "cve": "CVE-2021-29154",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-29154"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-29154",
          "url": "https://www.suse.com/security/cve/CVE-2021-29154"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184391 for CVE-2021-29154",
          "url": "https://bugzilla.suse.com/1184391"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184710 for CVE-2021-29154",
          "url": "https://bugzilla.suse.com/1184710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186408 for CVE-2021-29154",
          "url": "https://bugzilla.suse.com/1186408"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-06-29T08:59:01Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-29154"
    },
    {
      "cve": "CVE-2021-32399",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-32399"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-32399",
          "url": "https://www.suse.com/security/cve/CVE-2021-32399"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184611 for CVE-2021-32399",
          "url": "https://bugzilla.suse.com/1184611"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185898 for CVE-2021-32399",
          "url": "https://bugzilla.suse.com/1185898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185899 for CVE-2021-32399",
          "url": "https://bugzilla.suse.com/1185899"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196174 for CVE-2021-32399",
          "url": "https://bugzilla.suse.com/1196174"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200084 for CVE-2021-32399",
          "url": "https://bugzilla.suse.com/1200084"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201734 for CVE-2021-32399",
          "url": "https://bugzilla.suse.com/1201734"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-06-29T08:59:01Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-32399"
    },
    {
      "cve": "CVE-2021-33034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-33034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-33034",
          "url": "https://www.suse.com/security/cve/CVE-2021-33034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186111 for CVE-2021-33034",
          "url": "https://bugzilla.suse.com/1186111"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186285 for CVE-2021-33034",
          "url": "https://bugzilla.suse.com/1186285"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-06-29T08:59:01Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-33034"
    },
    {
      "cve": "CVE-2021-3489",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3489"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3489",
          "url": "https://www.suse.com/security/cve/CVE-2021-3489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185640 for CVE-2021-3489",
          "url": "https://bugzilla.suse.com/1185640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185856 for CVE-2021-3489",
          "url": "https://bugzilla.suse.com/1185856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-06-29T08:59:01Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3489"
    },
    {
      "cve": "CVE-2021-3490",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3490"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") ( 5.10-rc1).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3490",
          "url": "https://www.suse.com/security/cve/CVE-2021-3490"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185641 for CVE-2021-3490",
          "url": "https://bugzilla.suse.com/1185641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185796 for CVE-2021-3490",
          "url": "https://bugzilla.suse.com/1185796"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-57-default-2-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-06-29T08:59:01Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3490"
    }
  ]
}

CVE-2021-29154 (GCVE-0-2021-29154)

Vulnerability from cvelistv5

Published

2021-04-08 00:00

Modified

2024-08-03 22:02

Severity ?

CWE

Summary

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

References

URL

Tags

	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	mailing-list
	https://www.oracle.com/security-alerts/cpujul2022.html
	https://www.openwall.com/lists/oss-security/2021/04/08/1
	https://news.ycombinator.com/item?id=26757760
	http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
	https://security.netapp.com/advisory/ntap-20210604-0006/
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:02:50.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2021-e71c033f88",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/04/08/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=26757760"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210604-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T00:40:17.453000",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2021-e71c033f88",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2021/04/08/1"
        },
        {
          "url": "https://news.ycombinator.com/item?id=26757760"
        },
        {
          "url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210604-0006/"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-29154",
    "datePublished": "2021-04-08T00:00:00",
    "dateReserved": "2021-03-24T00:00:00",
    "dateUpdated": "2024-08-03T22:02:50.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33034 (GCVE-0-2021-33034)

Vulnerability from cvelistv5

Published

2021-05-14 22:57

Modified

2024-08-03 23:42

Severity ?

CWE

Summary

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.

References

URL

Tags

	https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1	x_refsource_MISC
	https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:19.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"
          },
          {
            "name": "FEDORA-2021-bae582b42c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-23T01:07:44",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"
        },
        {
          "name": "FEDORA-2021-bae582b42c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33034",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1",
              "refsource": "MISC",
              "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
            },
            {
              "name": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl",
              "refsource": "MISC",
              "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"
            },
            {
              "name": "FEDORA-2021-bae582b42c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33034",
    "datePublished": "2021-05-14T22:57:07",
    "dateReserved": "2021-05-14T00:00:00",
    "dateUpdated": "2024-08-03T23:42:19.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36322 (GCVE-0-2020-36322)

Vulnerability from cvelistv5

Published

2021-04-14 00:00

Modified

2024-08-04 17:23

Severity ?

CWE

Summary

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454
	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6
	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	mailing-list
	https://www.debian.org/security/2022/dsa-5096	vendor-advisory
	https://www.starwindsoftware.com/security/sw-20220816-0001/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:10.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.starwindsoftware.com/security/sw-20220816-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-11T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        },
        {
          "url": "https://www.starwindsoftware.com/security/sw-20220816-0001/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36322",
    "datePublished": "2021-04-14T00:00:00",
    "dateReserved": "2021-04-14T00:00:00",
    "dateUpdated": "2024-08-04T17:23:10.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3490 (GCVE-0-2021-3490)

Vulnerability from cvelistv5

Published

2021-06-04 01:40

Modified

2024-09-16 22:29

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write
CWE-20 - Improper Input Validation

Summary

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

References

URL

Tags

	https://ubuntu.com/security/notices/USN-4950-1	vendor-advisory, x_refsource_UBUNTU
	https://ubuntu.com/security/notices/USN-4949-1	vendor-advisory, x_refsource_UBUNTU
	https://www.openwall.com/lists/oss-security/2021/05/11/11	mailing-list, x_refsource_MLIST
	https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-21-606/	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20210716-0004/	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Linux	Linux kernel	Version: trunk < v5.13-rc4 Version: linux-5.12.y < v5.12.4 Version: linux-5.11.y < v5.11.21 Version: linux-5.10.y < v5.10.37 Version: v5.7-rc1 < 5.7*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-4950-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-4949-1"
          },
          {
            "name": "[oss-security] CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/05/11/11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210716-0004/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "v5.13-rc4",
              "status": "affected",
              "version": "trunk",
              "versionType": "custom"
            },
            {
              "lessThan": "v5.12.4",
              "status": "affected",
              "version": "linux-5.12.y",
              "versionType": "custom"
            },
            {
              "lessThan": "v5.11.21",
              "status": "affected",
              "version": "linux-5.11.y",
              "versionType": "custom"
            },
            {
              "lessThan": "v5.10.37",
              "status": "affected",
              "version": "linux-5.10.y",
              "versionType": "custom"
            },
            {
              "lessThan": "5.7*",
              "status": "affected",
              "version": "v5.7-rc1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Manfred Paul (@_manfp) of the RedRocket CTF team (@redrocket_ctf) working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "datePublic": "2021-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") ( 5.10-rc1)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-01T17:06:42",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://ubuntu.com/security/notices/USN-4950-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://ubuntu.com/security/notices/USN-4949-1"
        },
        {
          "name": "[oss-security] CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/05/11/11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210716-0004/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Linux kernel eBPF bitwise ops ALU32 bounds tracking",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-11 17:00:00 +0000",
          "ID": "CVE-2021-3490",
          "STATE": "PUBLIC",
          "TITLE": "Linux kernel eBPF bitwise ops ALU32 bounds tracking"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "trunk",
                            "version_value": "v5.13-rc4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "linux-5.12.y",
                            "version_value": "v5.12.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "linux-5.11.y",
                            "version_value": "v5.11.21"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "linux-5.10.y",
                            "version_value": "v5.10.37"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "5.7",
                            "version_value": "v5.7-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Manfred Paul (@_manfp) of the RedRocket CTF team (@redrocket_ctf) working with Trend Micro\u0027s Zero Day Initiative"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") ( 5.10-rc1)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787 Out-of-bounds Write"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ubuntu.com/security/notices/USN-4950-1",
              "refsource": "UBUNTU",
              "url": "https://ubuntu.com/security/notices/USN-4950-1"
            },
            {
              "name": "https://ubuntu.com/security/notices/USN-4949-1",
              "refsource": "UBUNTU",
              "url": "https://ubuntu.com/security/notices/USN-4949-1"
            },
            {
              "name": "[oss-security] CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking",
              "refsource": "MLIST",
              "url": "https://www.openwall.com/lists/oss-security/2021/05/11/11"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210716-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210716-0004/"
            },
            {
              "name": "http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-3490",
    "datePublished": "2021-06-04T01:40:20.129090Z",
    "dateReserved": "2021-04-09T00:00:00",
    "dateUpdated": "2024-09-16T22:29:57.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-28660 (GCVE-0-2021-28660)

Vulnerability from cvelistv5

Published

2021-03-17 00:00

Modified

2024-08-03 21:47

Severity ?

CWE

Summary

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html	mailing-list
	https://security.netapp.com/advisory/ntap-20210507-0008/
	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/18/1	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/21/2	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:47:32.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7"
          },
          {
            "name": "FEDORA-2021-bb755ed5e3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/"
          },
          {
            "name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210507-0008/"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[oss-security] 20221118 Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/18/1"
          },
          {
            "name": "[oss-security] 20221121 Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/21/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -\u003essid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7"
        },
        {
          "name": "FEDORA-2021-bb755ed5e3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/"
        },
        {
          "name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210507-0008/"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[oss-security] 20221118 Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/18/1"
        },
        {
          "name": "[oss-security] 20221121 Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/21/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-28660",
    "datePublished": "2021-03-17T00:00:00",
    "dateReserved": "2021-03-17T00:00:00",
    "dateUpdated": "2024-08-03T21:47:32.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32399 (GCVE-0-2021-32399)

Vulnerability from cvelistv5

Published

2021-05-10 21:19

Modified

2024-08-03 23:17

Severity ?

CWE

Summary

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

References

URL

Tags

	https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/05/11/2	mailing-list, x_refsource_MLIST
	https://security.netapp.com/advisory/ntap-20210622-0006/	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:17:29.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80"
          },
          {
            "name": "[oss-security] 20210511 CVE-2021-32399 Linux device detach race condition",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/11/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210622-0006/"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-23T01:08:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80"
        },
        {
          "name": "[oss-security] 20210511 CVE-2021-32399 Linux device detach race condition",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/11/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210622-0006/"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-32399",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80"
            },
            {
              "name": "[oss-security] 20210511 CVE-2021-32399 Linux device detach race condition",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/05/11/2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210622-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210622-0006/"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-32399",
    "datePublished": "2021-05-10T21:19:16",
    "dateReserved": "2021-05-07T00:00:00",
    "dateUpdated": "2024-08-03T23:17:29.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3489 (GCVE-0-2021-3489)

Vulnerability from cvelistv5

Published

2021-06-04 01:40

Modified

2024-09-16 20:21

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787 - Out-of-bounds Write

Summary

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).

References

URL

Tags

	https://www.openwall.com/lists/oss-security/2021/05/11/10	mailing-list, x_refsource_MLIST
	https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-21-590/	x_refsource_MISC
	https://ubuntu.com/security/notices/USN-4950-1	vendor-advisory, x_refsource_UBUNTU
	https://ubuntu.com/security/notices/USN-4949-1	vendor-advisory, x_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-20210716-0004/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Linux	Linux kernel	Version: trunk < v5.13-rc4 Version: linux-5.12.y < v5.12.4 Version: linux-5.11.y < v5.11.21 Version: linux-5.10.y < v5.10.37 Version: v5.8 < 5.8*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/05/11/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-4950-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-4949-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210716-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "v5.13-rc4",
              "status": "affected",
              "version": "trunk",
              "versionType": "custom"
            },
            {
              "lessThan": "v5.12.4",
              "status": "affected",
              "version": "linux-5.12.y",
              "versionType": "custom"
            },
            {
              "lessThan": "v5.11.21",
              "status": "affected",
              "version": "linux-5.11.y",
              "versionType": "custom"
            },
            {
              "lessThan": "v5.10.37",
              "status": "affected",
              "version": "linux-5.10.y",
              "versionType": "custom"
            },
            {
              "lessThan": "5.8*",
              "status": "affected",
              "version": "v5.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ryota Shiga (@Ga_ryo_) of Flatt Security working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "datePublic": "2021-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-16T10:06:26",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "[oss-security] CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/05/11/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://ubuntu.com/security/notices/USN-4950-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://ubuntu.com/security/notices/USN-4949-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210716-0004/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Linux kernel eBPF RINGBUF map oversized allocation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-11 17:00 +0000",
          "ID": "CVE-2021-3489",
          "STATE": "PUBLIC",
          "TITLE": "Linux kernel eBPF RINGBUF map oversized allocation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "trunk",
                            "version_value": "v5.13-rc4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "linux-5.12.y",
                            "version_value": "v5.12.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "linux-5.11.y",
                            "version_value": "v5.11.21"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "linux-5.10.y",
                            "version_value": "v5.10.37"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "5.8",
                            "version_value": "v5.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ryota Shiga (@Ga_ryo_) of Flatt Security working with Trend Micro\u0027s Zero Day Initiative"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787 Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation",
              "refsource": "MLIST",
              "url": "https://www.openwall.com/lists/oss-security/2021/05/11/10"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/"
            },
            {
              "name": "https://ubuntu.com/security/notices/USN-4950-1",
              "refsource": "UBUNTU",
              "url": "https://ubuntu.com/security/notices/USN-4950-1"
            },
            {
              "name": "https://ubuntu.com/security/notices/USN-4949-1",
              "refsource": "UBUNTU",
              "url": "https://ubuntu.com/security/notices/USN-4949-1"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210716-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210716-0004/"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-3489",
    "datePublished": "2021-06-04T01:40:19.351991Z",
    "dateReserved": "2021-04-09T00:00:00",
    "dateUpdated": "2024-09-16T20:21:42.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2021:2198-1

Vulnerability from csaf_suse

CVE-2021-29154 (GCVE-0-2021-29154)

Vulnerability from cvelistv5

CVE-2021-33034 (GCVE-0-2021-33034)

Vulnerability from cvelistv5

CVE-2020-36322 (GCVE-0-2020-36322)

Vulnerability from cvelistv5

CVE-2021-3490 (GCVE-0-2021-3490)

Vulnerability from cvelistv5

CVE-2021-28660 (GCVE-0-2021-28660)

Vulnerability from cvelistv5

CVE-2021-32399 (GCVE-0-2021-32399)

Vulnerability from cvelistv5

CVE-2021-3489 (GCVE-0-2021-3489)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature