
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20213055",
"Version": "oval:org.altlinux.errata:def:20213055",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-3055: package `kernel-image-rt` update to version 5.10.73-alt1.rt54",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-3055",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-3055",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00681",
"RefURL": "https://bdu.fstec.ru/vul/2022-00681",
"Source": "BDU"
},
{
"RefID": "CVE-2021-38300",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-38300",
"Source": "CVE"
},
{
"RefID": "CVE-2021-4028",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4028",
"Source": "CVE"
},
{
"RefID": "CVE-2021-41073",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-41073",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-rt to version 5.10.73-alt1.rt54. \nSecurity Fix(es):\n\n * BDU:2022-00681: Уязвимость функции loop_rw_iter (fs/io_uring.c ) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-38300: arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.\n\n * CVE-2021-4028: A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.\n\n * CVE-2021-41073: loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/\u003cpid\u003e/maps for exploitation.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-10-17"
},
"Updated": {
"Date": "2021-10-17"
},
"BDUs": [
{
"ID": "BDU:2022-00681",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-269, CWE-763",
"Href": "https://bdu.fstec.ru/vul/2022-00681",
"Impact": "High",
"Public": "20210919"
}
],
"CVEs": [
{
"ID": "CVE-2021-38300",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-38300",
"Impact": "High",
"Public": "20210920"
},
{
"ID": "CVE-2021-4028",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4028",
"Impact": "High",
"Public": "20220824"
},
{
"ID": "CVE-2021-41073",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-763",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-41073",
"Impact": "High",
"Public": "20210919"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20213055001",
"Comment": "kernel-headers-modules-rt is earlier than 0:5.10.73-alt1.rt54"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213055002",
"Comment": "kernel-headers-rt is earlier than 0:5.10.73-alt1.rt54"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213055003",
"Comment": "kernel-image-rt is earlier than 0:5.10.73-alt1.rt54"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213055004",
"Comment": "kernel-image-rt-checkinstall is earlier than 0:5.10.73-alt1.rt54"
}
]
}
]
}
}
]
}