pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2021-1525/definitions.json
pepelyaevip 43c7060749 ALT Vulnerability
2024-12-18 09:06:35 +00:00

769 lines
44 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211525",
"Version": "oval:org.altlinux.errata:def:20211525",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1525: package `kernel-image-un-def` update to version 5.11.7-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1525",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1525",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-05795",
"RefURL": "https://bdu.fstec.ru/vul/2020-05795",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01213",
"RefURL": "https://bdu.fstec.ru/vul/2021-01213",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01218",
"RefURL": "https://bdu.fstec.ru/vul/2021-01218",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01266",
"RefURL": "https://bdu.fstec.ru/vul/2021-01266",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01611",
"RefURL": "https://bdu.fstec.ru/vul/2021-01611",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01649",
"RefURL": "https://bdu.fstec.ru/vul/2021-01649",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01650",
"RefURL": "https://bdu.fstec.ru/vul/2021-01650",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01666",
"RefURL": "https://bdu.fstec.ru/vul/2021-01666",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01688",
"RefURL": "https://bdu.fstec.ru/vul/2021-01688",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01828",
"RefURL": "https://bdu.fstec.ru/vul/2021-01828",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01985",
"RefURL": "https://bdu.fstec.ru/vul/2021-01985",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02663",
"RefURL": "https://bdu.fstec.ru/vul/2021-02663",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03088",
"RefURL": "https://bdu.fstec.ru/vul/2021-03088",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03095",
"RefURL": "https://bdu.fstec.ru/vul/2021-03095",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03177",
"RefURL": "https://bdu.fstec.ru/vul/2021-03177",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04833",
"RefURL": "https://bdu.fstec.ru/vul/2021-04833",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01166",
"RefURL": "https://bdu.fstec.ru/vul/2022-01166",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05829",
"RefURL": "https://bdu.fstec.ru/vul/2022-05829",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07336",
"RefURL": "https://bdu.fstec.ru/vul/2022-07336",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00159",
"RefURL": "https://bdu.fstec.ru/vul/2023-00159",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00629",
"RefURL": "https://bdu.fstec.ru/vul/2023-00629",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01196",
"RefURL": "https://bdu.fstec.ru/vul/2023-01196",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01200",
"RefURL": "https://bdu.fstec.ru/vul/2023-01200",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02532",
"RefURL": "https://bdu.fstec.ru/vul/2023-02532",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02533",
"RefURL": "https://bdu.fstec.ru/vul/2023-02533",
"Source": "BDU"
},
{
"RefID": "CVE-2020-16120",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16120",
"Source": "CVE"
},
{
"RefID": "CVE-2020-24586",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-24586",
"Source": "CVE"
},
{
"RefID": "CVE-2020-24587",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-24587",
"Source": "CVE"
},
{
"RefID": "CVE-2020-24588",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-24588",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25639",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25639",
"Source": "CVE"
},
{
"RefID": "CVE-2020-26147",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-26147",
"Source": "CVE"
},
{
"RefID": "CVE-2020-35499",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-35499",
"Source": "CVE"
},
{
"RefID": "CVE-2021-27363",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-27363",
"Source": "CVE"
},
{
"RefID": "CVE-2021-27364",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-27364",
"Source": "CVE"
},
{
"RefID": "CVE-2021-27365",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-27365",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28375",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28375",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28660",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28660",
"Source": "CVE"
},
{
"RefID": "CVE-2021-29265",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-29265",
"Source": "CVE"
},
{
"RefID": "CVE-2021-30002",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30002",
"Source": "CVE"
},
{
"RefID": "CVE-2021-33656",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33656",
"Source": "CVE"
},
{
"RefID": "CVE-2021-4037",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4037",
"Source": "CVE"
},
{
"RefID": "CVE-2022-0847",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847",
"Source": "CVE"
},
{
"RefID": "CVE-2022-41858",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-41858",
"Source": "CVE"
},
{
"RefID": "CVE-2022-4378",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-4378",
"Source": "CVE"
},
{
"RefID": "CVE-2022-47946",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47946",
"Source": "CVE"
},
{
"RefID": "CVE-2023-0459",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0459",
"Source": "CVE"
},
{
"RefID": "CVE-2023-0461",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0461",
"Source": "CVE"
},
{
"RefID": "CVE-2023-23586",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-23586",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 5.11.7-alt1. \nSecurity Fix(es):\n\n * BDU:2020-05795: Уязвимость ядра операционной системы Linux, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2021-01213: Уязвимость файла drivers/scsi/scsi_transport_iscsi.c ядра операционной системы Linux, позволяющая нарушителю подключаться к сокету iscsi NETLINK и отправлять команды ядру\n\n * BDU:2021-01218: Уязвимость функции show_transport_handle ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2021-01266: Уязвимость функции show_transport_handle ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2021-01611: Уязвимость драйвера GPU Nouveau ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01649: Уязвимость реализации функции show_transport_handle() ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2021-01650: Уязвимость подсистемы iSCSI ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2021-01666: Уязвимость подсистемы iSCSI ядра операционных систем Linux, позволяющая нарушителю нарушить конфиденциальность, целостность и доступность данных\n\n * BDU:2021-01688: Уязвимость функции rtw_wx_set_scan() (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01828: Уязвимость реализации функции usbip_sockfd_store ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01985: Уязвимость реализации функции video_usercopy (drivers/media/v4l2-core/v4l2-ioctl.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-02663: Уязвимость набора стандартов связи для коммуникации IEEE 802.11 операционной системы Windows, позволяющая нарушителю внедрить произвольные сетевые пакеты\n\n * BDU:2021-03088: Уязвимость реализации алгоритмов WPA, WPA2 и WPA3 набора стандартов связи для коммуникации IEEE 802.11, позволяющая нарушителю оказать воздействие на целостность защищаемой информации\n\n * BDU:2021-03095: Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 набора стандартов связи для коммуникации IEEE 802.11, позволяющая нарушителю внедрить произвольные сетевые пакеты и/или оказать воздействие на целостность защищаемой информации\n\n * BDU:2021-03177: Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность защищаемой информации\n\n * BDU:2021-04833: Уязвимость функции fastrpc_internal_invoke (drivers/misc/fastrpc.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольную команду управления\n\n * BDU:2022-01166: Уязвимость функций copy_page_to_iter_pipe и push_pipe ядра операционной системы Linux, позволяющая нарушителю перезаписать содержимое страничного кэша произвольных файлов\n\n * BDU:2022-05829: Уязвимость ioctl cmd PIO_FONT ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-07336: Уязвимость функции __do_proc_dointvec ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2023-00159: Уязвимость компонента fs/io_uring.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-00629: Уязвимость функции sl_tx_timeout() в модуле drivers/net/slip.c драйвера SLIP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01196: Уязвимость модуля io_uring.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2023-01200: Уязвимость реализации протокола Upper Level Protocol (ULP) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии, выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2023-02532: Уязвимость функции _copy_from_user() в модуле lib/usercopy.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2023-02533: Уязвимость функции inode_init_owner() в модуле fs/inode.c файловой системы XFS ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации, а так же вызвать отказ в обслуживании\n\n * CVE-2020-16120: Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.\n\n * CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n\n * CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.\n\n * CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.\n\n * CVE-2020-25639: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.\n\n * CVE-2020-26147: An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.\n\n * CVE-2020-35499: A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.\n\n * CVE-2021-27363: An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.\n\n * CVE-2021-27364: An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.\n\n * CVE-2021-27365: An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.\n\n * CVE-2021-28375: An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.\n\n * CVE-2021-28660: rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -\u003essid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.\n\n * CVE-2021-29265: An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n\n * CVE-2021-30002: An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n\n * CVE-2021-33656: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n\n * CVE-2021-4037: A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.\n\n * CVE-2022-0847: A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.\n\n * CVE-2022-41858: A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.\n\n * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n * CVE-2022-47946: An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.\n\n * CVE-2023-0459: Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47\n\n * CVE-2023-0461: There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.\n\nWhen CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt TCP_ULP operation does not require any privilege.\n\nWe recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c\n\n * CVE-2023-23586: Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit  788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring \n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-03-20"
},
"Updated": {
"Date": "2021-03-20"
},
"BDUs": [
{
"ID": "BDU:2020-05795",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-266, CWE-269",
"Href": "https://bdu.fstec.ru/vul/2020-05795",
"Impact": "Low",
"Public": "20200603"
},
{
"ID": "BDU:2021-01213",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CWE": "CWE-125, CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-01213",
"Impact": "Low",
"Public": "20210307"
},
{
"ID": "BDU:2021-01218",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-122, CWE-250, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01218",
"Impact": "High",
"Public": "20210307"
},
{
"ID": "BDU:2021-01266",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-01266",
"Impact": "High",
"Public": "20210307"
},
{
"ID": "BDU:2021-01611",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2021-01611",
"Impact": "Low",
"Public": "20210129"
},
{
"ID": "BDU:2021-01649",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-200, CWE-465",
"Href": "https://bdu.fstec.ru/vul/2021-01649",
"Impact": "Low",
"Public": "20210304"
},
{
"ID": "BDU:2021-01650",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125, CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-01650",
"Impact": "High",
"Public": "20210304"
},
{
"ID": "BDU:2021-01666",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-250, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01666",
"Impact": "High",
"Public": "20210304"
},
{
"ID": "BDU:2021-01688",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01688",
"Impact": "High",
"Public": "20210310"
},
{
"ID": "BDU:2021-01828",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2021-01828",
"Impact": "Low",
"Public": "20210310"
},
{
"ID": "BDU:2021-01985",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401, CWE-772",
"Href": "https://bdu.fstec.ru/vul/2021-01985",
"Impact": "Low",
"Public": "20210112"
},
{
"ID": "BDU:2021-02663",
"CVSS": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-306, CWE-327",
"Href": "https://bdu.fstec.ru/vul/2021-02663",
"Impact": "Low",
"Public": "20210510"
},
{
"ID": "BDU:2021-03088",
"CVSS": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-326, CWE-327",
"Href": "https://bdu.fstec.ru/vul/2021-03088",
"Impact": "Low",
"Public": "20210510"
},
{
"ID": "BDU:2021-03095",
"CVSS": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-03095",
"Impact": "Low",
"Public": "20210510"
},
{
"ID": "BDU:2021-03177",
"CVSS": "AV:A/AC:H/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-03177",
"Impact": "Low",
"Public": "20210510"
},
{
"ID": "BDU:2021-04833",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-269",
"Href": "https://bdu.fstec.ru/vul/2021-04833",
"Impact": "High",
"Public": "20210315"
},
{
"ID": "BDU:2022-01166",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-281, CWE-665",
"Href": "https://bdu.fstec.ru/vul/2022-01166",
"Impact": "High",
"Public": "20220307"
},
{
"ID": "BDU:2022-05829",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-05829",
"Impact": "High",
"Public": "20220817"
},
{
"ID": "BDU:2022-07336",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-474",
"Href": "https://bdu.fstec.ru/vul/2022-07336",
"Impact": "High",
"Public": "20221116"
},
{
"ID": "BDU:2023-00159",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-00159",
"Impact": "Low",
"Public": "20210303"
},
{
"ID": "BDU:2023-00629",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-00629",
"Impact": "High",
"Public": "20220406"
},
{
"ID": "BDU:2023-01196",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-01196",
"Impact": "Low",
"Public": "20210221"
},
{
"ID": "BDU:2023-01200",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-01200",
"Impact": "High",
"Public": "20230104"
},
{
"ID": "BDU:2023-02532",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-203, CWE-264, CWE-763",
"Href": "https://bdu.fstec.ru/vul/2023-02532",
"Impact": "Low",
"Public": "20230221"
},
{
"ID": "BDU:2023-02533",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2023-02533",
"Impact": "High",
"Public": "20210122"
}
],
"CVEs": [
{
"ID": "CVE-2020-16120",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16120",
"Impact": "Low",
"Public": "20210210"
},
{
"ID": "CVE-2020-24586",
"CVSS": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-24586",
"Impact": "Low",
"Public": "20210511"
},
{
"ID": "CVE-2020-24587",
"CVSS": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-327",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-24587",
"Impact": "Low",
"Public": "20210511"
},
{
"ID": "CVE-2020-24588",
"CVSS": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-327",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-24588",
"Impact": "Low",
"Public": "20210511"
},
{
"ID": "CVE-2020-25639",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25639",
"Impact": "Low",
"Public": "20210304"
},
{
"ID": "CVE-2020-26147",
"CVSS": "AV:A/AC:H/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-26147",
"Impact": "Low",
"Public": "20210511"
},
{
"ID": "CVE-2020-35499",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-35499",
"Impact": "Low",
"Public": "20210219"
},
{
"ID": "CVE-2021-27363",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-27363",
"Impact": "Low",
"Public": "20210307"
},
{
"ID": "CVE-2021-27364",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-27364",
"Impact": "High",
"Public": "20210307"
},
{
"ID": "CVE-2021-27365",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-27365",
"Impact": "High",
"Public": "20210307"
},
{
"ID": "CVE-2021-28375",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28375",
"Impact": "High",
"Public": "20210315"
},
{
"ID": "CVE-2021-28660",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28660",
"Impact": "High",
"Public": "20210317"
},
{
"ID": "CVE-2021-29265",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-29265",
"Impact": "Low",
"Public": "20210326"
},
{
"ID": "CVE-2021-30002",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30002",
"Impact": "Low",
"Public": "20210402"
},
{
"ID": "CVE-2021-33656",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33656",
"Impact": "Low",
"Public": "20220718"
},
{
"ID": "CVE-2021-4037",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4037",
"Impact": "High",
"Public": "20220824"
},
{
"ID": "CVE-2022-0847",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-665",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847",
"Impact": "High",
"Public": "20220310"
},
{
"ID": "CVE-2022-41858",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-41858",
"Impact": "High",
"Public": "20230117"
},
{
"ID": "CVE-2022-4378",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-4378",
"Impact": "High",
"Public": "20230105"
},
{
"ID": "CVE-2022-47946",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47946",
"Impact": "Low",
"Public": "20221223"
},
{
"ID": "CVE-2023-0459",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-763",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0459",
"Impact": "Low",
"Public": "20230525"
},
{
"ID": "CVE-2023-0461",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0461",
"Impact": "High",
"Public": "20230228"
},
{
"ID": "CVE-2023-23586",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-23586",
"Impact": "Low",
"Public": "20230217"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211525001",
"Comment": "kernel-doc-un is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525003",
"Comment": "kernel-headers-un-def is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525004",
"Comment": "kernel-image-domU-un-def is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525005",
"Comment": "kernel-image-un-def is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525006",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525007",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525008",
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525009",
"Comment": "kernel-modules-ide-un-def is earlier than 1:5.11.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211525010",
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.11.7-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink