usn-4911-1
Vulnerability from osv_ubuntu
Published
2021-04-13 22:06
Modified
2026-06-03 10:45
Summary
linux-oem-5.10 vulnerabilities
Details

It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25639)

Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038)

It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges. (CVE-2021-28375)

It was discovered that the fuse user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2021-28950)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-25639",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-28038",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-28375",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-28950",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-buildinfo-5.10.0-1021-oem",
            "binary_version": "5.10.0-1021.22"
          },
          {
            "binary_name": "linux-headers-5.10.0-1021-oem",
            "binary_version": "5.10.0-1021.22"
          },
          {
            "binary_name": "linux-image-unsigned-5.10.0-1021-oem",
            "binary_version": "5.10.0-1021.22"
          },
          {
            "binary_name": "linux-modules-5.10.0-1021-oem",
            "binary_version": "5.10.0-1021.22"
          },
          {
            "binary_name": "linux-oem-5.10-headers-5.10.0-1021",
            "binary_version": "5.10.0-1021.22"
          },
          {
            "binary_name": "linux-oem-5.10-tools-5.10.0-1021",
            "binary_version": "5.10.0-1021.22"
          },
          {
            "binary_name": "linux-oem-5.10-tools-host",
            "binary_version": "5.10.0-1021.22"
          },
          {
            "binary_name": "linux-tools-5.10.0-1021-oem",
            "binary_version": "5.10.0-1021.22"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "linux-oem-5.10",
        "purl": "pkg:deb/ubuntu/linux-oem-5.10@5.10.0-1021.22?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.10.0-1021.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.10.0-1008.9",
        "5.10.0-1011.12",
        "5.10.0-1013.14",
        "5.10.0-1014.15",
        "5.10.0-1016.17",
        "5.10.0-1017.18",
        "5.10.0-1019.20"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that the Nouveau GPU driver in the Linux kernel did not\nproperly handle error conditions in some situations. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2020-25639)\n\nJan Beulich discovered that the Xen netback backend in the Linux kernel did\nnot properly handle certain error conditions under paravirtualization. An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash). (CVE-2021-28038)\n\nIt was discovered that the fastrpc driver in the Linux kernel did not\nprevent user space applications from sending kernel RPC messages. A local\nattacker could possibly use this to gain elevated privileges.\n(CVE-2021-28375)\n\nIt was discovered that the fuse user space file system implementation in\nthe Linux kernel did not properly handle bad inodes in some situations. A\nlocal attacker could possibly use this to cause a denial of service.\n(CVE-2021-28950)\n",
  "id": "USN-4911-1",
  "modified": "2026-06-03T10:45:25Z",
  "published": "2021-04-13T22:06:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-4911-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25639"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-28038"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-28375"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-28950"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-oem-5.10 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2020-25639",
    "UBUNTU-CVE-2021-28038",
    "UBUNTU-CVE-2021-28375",
    "UBUNTU-CVE-2021-28950"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…