vuln-list-alt/oval/c9f2/ALT-PU-2021-3022/definitions.json
2024-02-14 09:47:22 +00:00

182 lines
8.6 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20213022",
"Version": "oval:org.altlinux.errata:def:20213022",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-3022: package `kernel-image-std-def` update to version 5.10.72-alt0.c9f.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-3022",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-3022",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00682",
"RefURL": "https://bdu.fstec.ru/vul/2022-00682",
"Source": "BDU"
},
{
"RefID": "CVE-2021-3653",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3653",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3656",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3656",
"Source": "CVE"
},
{
"RefID": "CVE-2021-38300",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-38300",
"Source": "CVE"
},
{
"RefID": "CVE-2021-4028",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4028",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 5.10.72-alt0.c9f.1. \nSecurity Fix(es):\n\n * BDU:2022-00682: Уязвимость подсистемы виртуализации KVM ядра операционной системы Linux, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.\n\n * CVE-2021-3656: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.\n\n * CVE-2021-38300: arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.\n\n * CVE-2021-4028: A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-10-12"
},
"Updated": {
"Date": "2021-10-12"
},
"bdu": [
{
"Cvss": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2022-00682",
"Impact": "High",
"Public": "20210928",
"CveID": "BDU:2022-00682"
}
],
"Cves": [
{
"Cvss": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"Cwe": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3653",
"Impact": "High",
"Public": "20210929",
"CveID": "CVE-2021-3653"
},
{
"Cvss": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"Cwe": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3656",
"Impact": "High",
"Public": "20220304",
"CveID": "CVE-2021-3656"
},
{
"Cvss": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-38300",
"Impact": "High",
"Public": "20210920",
"CveID": "CVE-2021-38300"
},
{
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4028",
"Impact": "High",
"Public": "20220824",
"CveID": "CVE-2021-4028"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20213022001",
"Comment": "kernel-doc-std is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022002",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022003",
"Comment": "kernel-headers-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022004",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022005",
"Comment": "kernel-image-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022006",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022007",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022008",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022009",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022010",
"Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.72-alt0.c9f.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213022011",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.72-alt0.c9f.1"
}
]
}
]
}
}
]
}