vuln-list-alt/oval/p11/ALT-PU-2020-2757/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202757",
"Version": "oval:org.altlinux.errata:def:20202757",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2757: package `kernel-image-mp` update to version 5.8.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2757",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2757",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-05635",
"RefURL": "https://bdu.fstec.ru/vul/2020-05635",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03394",
"RefURL": "https://bdu.fstec.ru/vul/2021-03394",
"Source": "BDU"
},
{
"RefID": "CVE-2020-14386",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14386",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25211",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25211",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25221",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25221",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25285",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25285",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-mp to version 5.8.8-alt1. \nSecurity Fix(es):\n\n * BDU:2020-05635: Уязвимость утилиты sysctl hugetlbl операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повышение привилегий\n\n * BDU:2021-03394: Уязвимость компонента net/packet/af_packet.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * CVE-2020-14386: A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.\n\n * CVE-2020-25211: In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n\n * CVE-2020-25221: get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.\n\n * CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-09-10"
},
"Updated": {
"Date": "2020-09-10"
},
"BDUs": [
{
"ID": "BDU:2020-05635",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362, CWE-476, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-05635",
"Impact": "Low",
"Public": "20200905"
},
{
"ID": "BDU:2021-03394",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-250, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-03394",
"Impact": "High",
"Public": "20200904"
}
],
"CVEs": [
{
"ID": "CVE-2020-14386",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14386",
"Impact": "High",
"Public": "20200916"
},
{
"ID": "CVE-2020-25211",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25211",
"Impact": "Low",
"Public": "20200909"
},
{
"ID": "CVE-2020-25221",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-672",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25221",
"Impact": "High",
"Public": "20200910"
},
{
"ID": "CVE-2020-25285",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25285",
"Impact": "Low",
"Public": "20200913"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202757001",
"Comment": "kernel-headers-modules-mp is earlier than 0:5.8.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202757002",
"Comment": "kernel-headers-mp is earlier than 0:5.8.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202757003",
"Comment": "kernel-image-mp is earlier than 0:5.8.8-alt1"
}
]
}
]
}
}
]
}