pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2021-3000/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

311 lines
16 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20213000",
"Version": "oval:org.altlinux.errata:def:20213000",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-3000: package `kernel-image-rpi-def` update to version 5.10.63-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-3000",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-3000",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-03848",
"RefURL": "https://bdu.fstec.ru/vul/2021-03848",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04028",
"RefURL": "https://bdu.fstec.ru/vul/2021-04028",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05536",
"RefURL": "https://bdu.fstec.ru/vul/2021-05536",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00682",
"RefURL": "https://bdu.fstec.ru/vul/2022-00682",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05676",
"RefURL": "https://bdu.fstec.ru/vul/2022-05676",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05781",
"RefURL": "https://bdu.fstec.ru/vul/2022-05781",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01796",
"RefURL": "https://bdu.fstec.ru/vul/2023-01796",
"Source": "BDU"
},
{
"RefID": "CVE-2021-33909",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33909",
"Source": "CVE"
},
{
"RefID": "CVE-2021-34866",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-34866",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3653",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3653",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3656",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3656",
"Source": "CVE"
},
{
"RefID": "CVE-2021-37576",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37576",
"Source": "CVE"
},
{
"RefID": "CVE-2021-4154",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4154",
"Source": "CVE"
},
{
"RefID": "CVE-2021-42008",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-42008",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28772",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28772",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-rpi-def to version 5.10.63-alt1. \nSecurity Fix(es):\n\n * BDU:2021-03848: Уязвимость компонента fs/seq_file.c ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2021-04028: Уязвимость функции rtas_args.nargs драйвера arch/powerpc/kvm/book3s_rtas.c ядра операционной системы Linux, позволяющая нарушителю вызвать повреждение памяти операционной системы хоста\n\n * BDU:2021-05536: Уязвимость реализации функции check_map_func_compatibility() ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-00682: Уязвимость подсистемы виртуализации KVM ядра операционной системы Linux, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-05676: Уязвимость функции cgroup1_parse_param компонента kernel/cgroup/cgroup-v1.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05781: Уязвимость функции decode_data компонента drivers/net/hamradio/6pack.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-01796: Уязвимость функции seq_buf_putmem_hex() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-33909: fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.\n\n * CVE-2021-34866: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.\n\n * CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.\n\n * CVE-2021-3656: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.\n\n * CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.\n\n * CVE-2021-4154: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\n\n * CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n\n * CVE-2023-28772: An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.\n\n * #41046: Нет поддержки Wireguard в ядрах для Rpi4\n\n * #41070: kernel-image-rpi-def: не загружает сжатые firmware файлы",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-10-07"
},
"Updated": {
"Date": "2021-10-07"
},
"BDUs": [
{
"ID": "BDU:2021-03848",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-03848",
"Impact": "High",
"Public": "20210719"
},
{
"ID": "BDU:2021-04028",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-04028",
"Impact": "High",
"Public": "20210723"
},
{
"ID": "BDU:2021-05536",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-697, CWE-843",
"Href": "https://bdu.fstec.ru/vul/2021-05536",
"Impact": "High",
"Public": "20210823"
},
{
"ID": "BDU:2022-00682",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264, CWE-862",
"Href": "https://bdu.fstec.ru/vul/2022-00682",
"Impact": "High",
"Public": "20210816"
},
{
"ID": "BDU:2022-05676",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-05676",
"Impact": "High",
"Public": "20210714"
},
{
"ID": "BDU:2022-05781",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-05781",
"Impact": "High",
"Public": "20210816"
},
{
"ID": "BDU:2023-01796",
"CVSS": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-01796",
"Impact": "Low",
"Public": "20230323"
}
],
"CVEs": [
{
"ID": "CVE-2021-33909",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33909",
"Impact": "High",
"Public": "20210720"
},
{
"ID": "CVE-2021-34866",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-34866",
"Impact": "High",
"Public": "20220125"
},
{
"ID": "CVE-2021-3653",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3653",
"Impact": "High",
"Public": "20210929"
},
{
"ID": "CVE-2021-3656",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3656",
"Impact": "High",
"Public": "20220304"
},
{
"ID": "CVE-2021-37576",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37576",
"Impact": "High",
"Public": "20210726"
},
{
"ID": "CVE-2021-4154",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4154",
"Impact": "High",
"Public": "20220204"
},
{
"ID": "CVE-2021-42008",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-42008",
"Impact": "High",
"Public": "20211005"
},
{
"ID": "CVE-2023-28772",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28772",
"Impact": "Low",
"Public": "20230323"
}
],
"Bugzilla": [
{
"ID": "41046",
"Href": "https://bugzilla.altlinux.org/41046",
"Data": "Нет поддержки Wireguard в ядрах для Rpi4"
},
{
"ID": "41070",
"Href": "https://bugzilla.altlinux.org/41070",
"Data": "kernel-image-rpi-def: не загружает сжатые firmware файлы"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20213000001",
"Comment": "kernel-doc-rpi is earlier than 1:5.10.63-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213000002",
"Comment": "kernel-headers-modules-rpi-def is earlier than 1:5.10.63-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213000003",
"Comment": "kernel-headers-rpi-def is earlier than 1:5.10.63-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213000004",
"Comment": "kernel-image-rpi-def is earlier than 1:5.10.63-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213000005",
"Comment": "kernel-modules-staging-rpi-def is earlier than 1:5.10.63-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213000006",
"Comment": "kernel-modules-v4l-rpi-def is earlier than 1:5.10.63-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink