var-202106-0349
Vulnerability from variot
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat Virtualization Host security update [ovirt-4.4.6] Advisory ID: RHSA-2021:2522-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:2522 Issue date: 2021-06-22 CVE Names: CVE-2020-24489 CVE-2021-3501 CVE-2021-3560 CVE-2021-27219 =====================================================================
- Summary:
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64
- Description:
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
-
glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219)
-
kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501)
-
polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)
-
hw: vt-d related privilege escalation (CVE-2020-24489)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Previously, systemtap dependencies were not included in the RHV-H channel. Therefore, systemtap could not be installed. In this release, the systemtap dependencies have been included in the channel, resolving the issue. (BZ#1903997)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1903997 - Provide systemtap dependencies within RHV-H channel 1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits 1950136 - CVE-2021-3501 kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run 1961710 - CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
- Package List:
Red Hat Virtualization 4 Hypervisor for RHEL 8:
Source: redhat-virtualization-host-4.4.6-20210615.0.el8_4.src.rpm
x86_64: redhat-virtualization-host-image-update-4.4.6-20210615.0.el8_4.x86_64.rpm
RHEL 8-based RHEV-H for RHEV 4 (build requirements):
Source: redhat-release-virtualization-host-4.4.6-2.el8ev.src.rpm
noarch: redhat-virtualization-host-image-update-placeholder-4.4.6-2.el8ev.noarch.rpm
x86_64: redhat-release-virtualization-host-4.4.6-2.el8ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2021-3501 https://access.redhat.com/security/cve/CVE-2021-3560 https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYNH6EtzjgjWX9erEAQg8rBAApw3Jn/EPQosAw8RDA053A4aCxO2gHC15 HK1kJ2gSn73kahmvvl3ZAFQW3Wa/OKZRFnbOKZPcJvKeVKnmeHdjmX6V/wNC/bAO i2bc69+GYd+mj3+ngKmTyFFVSsgDWCfFv6lwMl74d0dXYauCfMTiMD/K/06zaQ3b arTdExk9VynIcr19ggOfhGWAe5qX8ZXfPHwRAmDBNZCUjzWm+c+O+gQQiy/wWzMB 6vbtEqKeXfT1XgxjdQO5xfQ4Fvd8ssKXwOjdymCsEoejplVFmO3reBrl+y95P3p9 BCKR6/cWKzhaAXfS8jOlZJvxA0TyxK5+HOP8pGWGfxBixXVbaFR4E/+rnA1E04jp lGXvby0yq1Q3u4/dYKPn7oai1H7b7TOaCKrmTMy3Nwd5mKiT+CqYk2Va0r2+Cy/2 jH6CeaSKJIBFviUalmc7ZbdPR1zfa1LEujaYp8aCez8pNF0Mopf5ThlCwlZdEdxG aTK1VPajNj2i8oveRPgNAzIu7tMh5Cibyo92nkfjhV9ube7WLg4fBKbX/ZfCBS9y osA4oRWUFbJYnHK6Fbr1X3mIYIq0s2y0MO2QZWj8hvzMT+BcQy5byreU4Y6o8ikl hXz6yl7Cu6X7wm32QZNZMWbUwJfksJRBR+dfkhDcGV0/zQpMZpwHDXs06kal9vsY DRQj4fNuEQo= =bDgd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7.4) - x86_64
Security Fix(es):
-
hw: vt-d related privilege escalation (CVE-2020-24489)
-
hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)
-
hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)
-
hw: information disclosure on some Intel Atom processors (CVE-2020-24513)
Bug Fix(es) and Enhancement(s):
-
Update Intel CPU microcode to microcode-20210525 release
-
Bugs fixed (https://bugzilla.redhat.com/):
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0349", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "core i5-11500", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10310u", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10850k", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2920", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-l13g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1035g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10885h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1195g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10100t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1120g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11900h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10500e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3150", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1060g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1035g1", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver j5040", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11400", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11700b", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3160", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2820", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j6413", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11900kf", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10700t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11600kf", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10100", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10325", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3160", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10100y", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n3530", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11980hk", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10100e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2930", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver n6000", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10810u", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10500te", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1000g1", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10910", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11900k", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3050", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1160g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10100te", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n3540", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10300t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10750h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10305t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10110u", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver n6005", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4025", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3010", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium j4205", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "9.0", }, { model: "core i3-1115gre", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10500h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11850h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10310y", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2810", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1035g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3350", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n5100", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10200h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1145g7e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10300", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3060", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-11100b", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11600t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium j3710", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4105", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10505", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x5-e3940", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10900k", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10210u", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n3510", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10850h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n6211", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n6415", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver n5030", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3355e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11390h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10700", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10900e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3450", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "10.0", }, { model: "core i9-10900f", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2807", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1135g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-l16g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10500t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11700f", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j1800", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3060", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2815", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11320h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11700t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2808", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10700k", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11370h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium j6426", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2830", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n4200e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10400h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11900kb", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10105f", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1145g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10320", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11400h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11900", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10300h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n3700", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11600k", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n5095", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11375h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10210y", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10400t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10600kf", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11700kf", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j6412", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1185g7e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3455", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1000g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n4200", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3350e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4100", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11500h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10870h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10600", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j1850", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2910", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1060ng7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1185gre", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11500b", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1030ng7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10400", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11700", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10700f", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1005g1", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11900f", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1140g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4005", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n5105", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1145gre", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2940", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10510u", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4000c", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10700te", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10900te", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1155g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1030g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1000ng4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4125", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1125g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11600", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10610u", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2806", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10700e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1165g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10900", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3355", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1110g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10710u", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11400f", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4020", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j1750", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4020c", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1130g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10105", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1068ng7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1030g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1115g4", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n3000", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j4115", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver n5000", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10875h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1065g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10105t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10900t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4500", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1180g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n6210", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10100f", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11800h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x7-e3950", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11260h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10600t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n3520", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11500t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10600k", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2805", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11300h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n2840", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-11700k", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4000", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10980hk", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-1038ng7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-1185g7", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10305", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium j2850", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10400f", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver j5005", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j3455e", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "atom x5-e3930", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-10110y", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron j1900", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-10500", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11900t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10510y", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i7-10700kf", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-11950h", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4120", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium n3710", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i9-10900kf", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium j2900", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "celeron n4505", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "pentium silver a1030", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i5-11400t", scope: "eq", trust: 1, vendor: "intel", version: null, }, { model: "core i3-1115g4e", scope: "eq", trust: 1, vendor: "intel", version: null, }, ], sources: [ { db: "NVD", id: "CVE-2020-24489", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "163954", }, { db: "PACKETSTORM", id: "163966", }, { db: "PACKETSTORM", id: "163240", }, { db: "PACKETSTORM", id: "163242", }, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163993", }, ], trust: 0.9, }, cve: "CVE-2020-24489", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2020-24489", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "VHN-178372", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2, id: "CVE-2020-24489", impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-24489", trust: 1, value: "HIGH", }, { author: "VULHUB", id: "VHN-178372", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-178372", }, { db: "NVD", id: "CVE-2020-24489", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat Virtualization Host security update [ovirt-4.4.6]\nAdvisory ID: RHSA-2021:2522-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2522\nIssue date: 2021-06-22\nCVE Names: CVE-2020-24489 CVE-2021-3501 CVE-2021-3560 \n CVE-2021-27219 \n=====================================================================\n\n1. Summary:\n\nAn update for imgbased, redhat-release-virtualization-host, and\nredhat-virtualization-host is now available for Red Hat Virtualization 4\nfor Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are\ninstalled using a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit user\ninterface for monitoring the host's resources and performing administrative\ntasks. \n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are\ninstalled using a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit user\ninterface for monitoring the host's resources and performing administrative\ntasks. \n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a\nspecial build of Red Hat Enterprise Linux with only the packages required\nto host virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host's resources and performing administrative tasks. \n\nSecurity Fix(es):\n\n* glib: integer overflow in g_bytes_new function on 64-bit platforms due to\nan implicit cast from 64 bits to 32 bits (CVE-2021-27219)\n\n* kernel: userspace applications can misuse the KVM API to cause a write of\n16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501)\n\n* polkit: local privilege escalation using\npolkit_system_bus_name_get_creds_sync() (CVE-2021-3560)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Previously, systemtap dependencies were not included in the RHV-H\nchannel. Therefore, systemtap could not be installed. \nIn this release, the systemtap dependencies have been included in the\nchannel, resolving the issue. (BZ#1903997)\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1903997 - Provide systemtap dependencies within RHV-H channel\n1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits\n1950136 - CVE-2021-3501 kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run\n1961710 - CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()\n1962650 - CVE-2020-24489 hw: vt-d related privilege escalation\n\n6. Package List:\n\nRed Hat Virtualization 4 Hypervisor for RHEL 8:\n\nSource:\nredhat-virtualization-host-4.4.6-20210615.0.el8_4.src.rpm\n\nx86_64:\nredhat-virtualization-host-image-update-4.4.6-20210615.0.el8_4.x86_64.rpm\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements):\n\nSource:\nredhat-release-virtualization-host-4.4.6-2.el8ev.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-placeholder-4.4.6-2.el8ev.noarch.rpm\n\nx86_64:\nredhat-release-virtualization-host-4.4.6-2.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-24489\nhttps://access.redhat.com/security/cve/CVE-2021-3501\nhttps://access.redhat.com/security/cve/CVE-2021-3560\nhttps://access.redhat.com/security/cve/CVE-2021-27219\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYNH6EtzjgjWX9erEAQg8rBAApw3Jn/EPQosAw8RDA053A4aCxO2gHC15\nHK1kJ2gSn73kahmvvl3ZAFQW3Wa/OKZRFnbOKZPcJvKeVKnmeHdjmX6V/wNC/bAO\ni2bc69+GYd+mj3+ngKmTyFFVSsgDWCfFv6lwMl74d0dXYauCfMTiMD/K/06zaQ3b\narTdExk9VynIcr19ggOfhGWAe5qX8ZXfPHwRAmDBNZCUjzWm+c+O+gQQiy/wWzMB\n6vbtEqKeXfT1XgxjdQO5xfQ4Fvd8ssKXwOjdymCsEoejplVFmO3reBrl+y95P3p9\nBCKR6/cWKzhaAXfS8jOlZJvxA0TyxK5+HOP8pGWGfxBixXVbaFR4E/+rnA1E04jp\nlGXvby0yq1Q3u4/dYKPn7oai1H7b7TOaCKrmTMy3Nwd5mKiT+CqYk2Va0r2+Cy/2\njH6CeaSKJIBFviUalmc7ZbdPR1zfa1LEujaYp8aCez8pNF0Mopf5ThlCwlZdEdxG\naTK1VPajNj2i8oveRPgNAzIu7tMh5Cibyo92nkfjhV9ube7WLg4fBKbX/ZfCBS9y\nosA4oRWUFbJYnHK6Fbr1X3mIYIq0s2y0MO2QZWj8hvzMT+BcQy5byreU4Y6o8ikl\nhXz6yl7Cu6X7wm32QZNZMWbUwJfksJRBR+dfkhDcGV0/zQpMZpwHDXs06kal9vsY\nDRQj4fNuEQo=\n=bDgd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 7.4) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20210525 release\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1962650 - CVE-2020-24489 hw: vt-d related privilege escalation\n1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors\n1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors\n1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors\n\n6", sources: [ { db: "NVD", id: "CVE-2020-24489", }, { db: "VULHUB", id: "VHN-178372", }, { db: "PACKETSTORM", id: "163954", }, { db: "PACKETSTORM", id: "163966", }, { db: "PACKETSTORM", id: "163240", }, { db: "PACKETSTORM", id: "163242", }, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163993", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-24489", trust: 2, }, { db: "PACKETSTORM", id: "163037", trust: 0.2, }, { db: "PACKETSTORM", id: "163042", trust: 0.2, }, { db: "PACKETSTORM", id: "163043", trust: 0.2, }, { db: "PACKETSTORM", id: "163242", trust: 0.2, }, { db: "PACKETSTORM", id: "163032", trust: 0.2, }, { db: "PACKETSTORM", id: "163240", trust: 0.2, }, { db: "PACKETSTORM", id: "163047", trust: 0.1, }, { db: "PACKETSTORM", id: "163044", trust: 0.1, }, { db: "PACKETSTORM", id: "163040", trust: 0.1, }, { db: "PACKETSTORM", id: "163031", trust: 0.1, }, { db: "PACKETSTORM", id: "163036", trust: 0.1, }, { db: "PACKETSTORM", id: "163046", trust: 0.1, }, { db: "VULHUB", id: "VHN-178372", trust: 0.1, }, { db: "PACKETSTORM", id: "163954", trust: 0.1, }, { db: "PACKETSTORM", id: "163966", trust: 0.1, }, { db: "PACKETSTORM", id: "163993", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-178372", }, { db: "PACKETSTORM", id: "163954", }, { db: "PACKETSTORM", id: "163966", }, { db: "PACKETSTORM", id: "163240", }, { db: "PACKETSTORM", id: "163242", }, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163993", }, { db: "NVD", id: "CVE-2020-24489", }, ], }, id: "VAR-202106-0349", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-178372", }, ], trust: 0.01, }, last_update_date: "2024-11-29T21:01:25.076000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-459", trust: 1.1, }, ], sources: [ { db: "VULHUB", id: "VHN-178372", }, { db: "NVD", id: "CVE-2020-24489", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.1, url: "https://www.debian.org/security/2021/dsa-4934", }, { trust: 1.1, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html", }, { trust: 1.1, url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24489", }, { trust: 0.9, url: "https://access.redhat.com/security/cve/cve-2020-24489", }, { trust: 0.9, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.9, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.9, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.9, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.9, url: "https://bugzilla.redhat.com/):", }, { trust: 0.7, url: "https://access.redhat.com/security/cve/cve-2020-24511", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24512", }, { trust: 0.7, url: "https://access.redhat.com/articles/11258", }, { trust: 0.7, url: "https://access.redhat.com/security/cve/cve-2020-24512", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24511", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-24513", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-24513", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8696", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-8698", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8698", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-0549", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-0543", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-8695", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8695", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-0549", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-0543", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-8696", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-0548", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-0548", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-27219", }, { trust: 0.2, url: "https://access.redhat.com/articles/2974891", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-27219", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:3323", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:3317", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-25217", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-25217", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2519", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3560", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2522", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3560", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3501", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-3501", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2302", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2306", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2308", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:2301", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:3364", }, ], sources: [ { db: "VULHUB", id: "VHN-178372", }, { db: "PACKETSTORM", id: "163954", }, { db: "PACKETSTORM", id: "163966", }, { db: "PACKETSTORM", id: "163240", }, { db: "PACKETSTORM", id: "163242", }, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163993", }, { db: "NVD", id: "CVE-2020-24489", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-178372", }, { db: "PACKETSTORM", id: "163954", }, { db: "PACKETSTORM", id: "163966", }, { db: "PACKETSTORM", id: "163240", }, { db: "PACKETSTORM", id: "163242", }, { db: "PACKETSTORM", id: "163032", }, { db: "PACKETSTORM", id: "163037", }, { db: "PACKETSTORM", id: "163042", }, { db: "PACKETSTORM", id: "163043", }, { db: "PACKETSTORM", id: "163993", }, { db: "NVD", id: "CVE-2020-24489", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-06-09T00:00:00", db: "VULHUB", id: "VHN-178372", }, { date: "2021-08-31T15:43:48", db: "PACKETSTORM", id: "163954", }, { date: "2021-08-31T15:56:51", db: "PACKETSTORM", id: "163966", }, { date: "2021-06-22T19:32:24", db: "PACKETSTORM", id: "163240", }, { date: "2021-06-22T19:34:25", db: "PACKETSTORM", id: "163242", }, { date: "2021-06-09T13:26:50", db: "PACKETSTORM", id: "163032", }, { date: "2021-06-09T13:28:17", db: "PACKETSTORM", id: "163037", }, { date: "2021-06-09T13:40:32", db: "PACKETSTORM", id: "163042", }, { date: "2021-06-09T13:40:40", db: "PACKETSTORM", id: "163043", }, { date: "2021-08-31T16:27:14", db: "PACKETSTORM", id: "163993", }, { date: "2021-06-09T20:15:08.140000", db: "NVD", id: "CVE-2020-24489", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-06T00:00:00", db: "VULHUB", id: "VHN-178372", }, { date: "2022-04-06T17:07:37.537000", db: "NVD", id: "CVE-2020-24489", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat Security Advisory 2021-3323-01", sources: [ { db: "PACKETSTORM", id: "163954", }, ], trust: 0.1, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "overflow", sources: [ { db: "PACKETSTORM", id: "163240", }, { db: "PACKETSTORM", id: "163242", }, ], trust: 0.2, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.