pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2021-1417/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

368 lines
20 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211417",
"Version": "oval:org.altlinux.errata:def:20211417",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1417: package `kernel-image-rpi-un` update to version 5.10.17-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1417",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1417",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01126",
"RefURL": "https://bdu.fstec.ru/vul/2021-01126",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01616",
"RefURL": "https://bdu.fstec.ru/vul/2021-01616",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02591",
"RefURL": "https://bdu.fstec.ru/vul/2021-02591",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02592",
"RefURL": "https://bdu.fstec.ru/vul/2021-02592",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02593",
"RefURL": "https://bdu.fstec.ru/vul/2021-02593",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02594",
"RefURL": "https://bdu.fstec.ru/vul/2021-02594",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02595",
"RefURL": "https://bdu.fstec.ru/vul/2021-02595",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02597",
"RefURL": "https://bdu.fstec.ru/vul/2021-02597",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02733",
"RefURL": "https://bdu.fstec.ru/vul/2021-02733",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01284",
"RefURL": "https://bdu.fstec.ru/vul/2023-01284",
"Source": "BDU"
},
{
"RefID": "CVE-2021-20268",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20268",
"Source": "CVE"
},
{
"RefID": "CVE-2021-26708",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-26708",
"Source": "CVE"
},
{
"RefID": "CVE-2021-26930",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-26930",
"Source": "CVE"
},
{
"RefID": "CVE-2021-26931",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-26931",
"Source": "CVE"
},
{
"RefID": "CVE-2021-26932",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-26932",
"Source": "CVE"
},
{
"RefID": "CVE-2021-26934",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-26934",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3178",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3178",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3347",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3347",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3348",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3348",
"Source": "CVE"
},
{
"RefID": "CVE-2023-1390",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1390",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-rpi-un to version 5.10.17-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01126: Уязвимость реализации сокетов с адресацией AF_VSOCK ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2021-01616: Уязвимость реализации функций dev_map_init_map и sock_map_alloc ядра операционной системы Linux, позволяющая нарушителю вызвать аварийное завершение системы или повысить свои привилегии\n\n * BDU:2021-02591: Уязвимость функции ndb_queue_rq ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-02592: Уязвимость компонента fs/nfsd/nfs3xdr.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-02593: Уязвимость компонента PI futexes ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код на уровне ядра\n\n * BDU:2021-02594: Уязвимость компонента drivers/block/xen-blkback/blkback.c ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2021-02595: Уязвимость компонентов arch/*/xen/p2m.c, drivers/xen/gntdev.c ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-02597: Уязвимость драйверов drm_xen_front ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-02733: Уязвимость драйверов drivers/block/xen-blkback/blkback.c, drivers/xen/xen-scsiback.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01284: Уязвимость реализации протокола TIPC (Transparent Inter Process Communication) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-20268: An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n\n * CVE-2021-26708: A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.\n\n * CVE-2021-26930: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.\n\n * CVE-2021-26931: An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n\n * CVE-2021-26932: An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.\n\n * CVE-2021-26934: An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.\n\n * CVE-2021-3178: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior\n\n * CVE-2021-3347: An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n\n * CVE-2021-3348: nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.\n\n * CVE-2023-1390: A remote denial of service vulnerability was found in the Linux kernels TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-03-01"
},
"Updated": {
"Date": "2021-03-01"
},
"BDUs": [
{
"ID": "BDU:2021-01126",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-269, CWE-362, CWE-667",
"Href": "https://bdu.fstec.ru/vul/2021-01126",
"Impact": "High",
"Public": "20210201"
},
{
"ID": "BDU:2021-01616",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20, CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-01616",
"Impact": "High",
"Public": "20210120"
},
{
"ID": "BDU:2021-02591",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-02591",
"Impact": "High",
"Public": "20210125"
},
{
"ID": "BDU:2021-02592",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-22",
"Href": "https://bdu.fstec.ru/vul/2021-02592",
"Impact": "Low",
"Public": "20210112"
},
{
"ID": "BDU:2021-02593",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-02593",
"Impact": "High",
"Public": "20210129"
},
{
"ID": "BDU:2021-02594",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2021-02594",
"Impact": "High",
"Public": "20210215"
},
{
"ID": "BDU:2021-02595",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2021-02595",
"Impact": "Low",
"Public": "20210215"
},
{
"ID": "BDU:2021-02597",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-770",
"Href": "https://bdu.fstec.ru/vul/2021-02597",
"Impact": "High",
"Public": "20210215"
},
{
"ID": "BDU:2021-02733",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://bdu.fstec.ru/vul/2021-02733",
"Impact": "Low",
"Public": "20210215"
},
{
"ID": "BDU:2023-01284",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476, CWE-1050",
"Href": "https://bdu.fstec.ru/vul/2023-01284",
"Impact": "High",
"Public": "20210109"
}
],
"CVEs": [
{
"ID": "CVE-2021-20268",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20268",
"Impact": "High",
"Public": "20210309"
},
{
"ID": "CVE-2021-26708",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-667",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-26708",
"Impact": "High",
"Public": "20210205"
},
{
"ID": "CVE-2021-26930",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-26930",
"Impact": "High",
"Public": "20210217"
},
{
"ID": "CVE-2021-26931",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-26931",
"Impact": "Low",
"Public": "20210217"
},
{
"ID": "CVE-2021-26932",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-26932",
"Impact": "Low",
"Public": "20210217"
},
{
"ID": "CVE-2021-26934",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-26934",
"Impact": "High",
"Public": "20210217"
},
{
"ID": "CVE-2021-3178",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3178",
"Impact": "Low",
"Public": "20210119"
},
{
"ID": "CVE-2021-3347",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3347",
"Impact": "High",
"Public": "20210129"
},
{
"ID": "CVE-2021-3348",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3348",
"Impact": "High",
"Public": "20210201"
},
{
"ID": "CVE-2023-1390",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1390",
"Impact": "High",
"Public": "20230316"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211417001",
"Comment": "kernel-headers-modules-rpi-un is earlier than 1:5.10.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211417002",
"Comment": "kernel-headers-rpi-un is earlier than 1:5.10.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211417003",
"Comment": "kernel-image-rpi-un is earlier than 1:5.10.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211417004",
"Comment": "kernel-modules-staging-rpi-un is earlier than 1:5.10.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211417005",
"Comment": "kernel-modules-v4l-rpi-un is earlier than 1:5.10.17-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink