vuln-list-alt/oval/c10f1/ALT-PU-2021-1698/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20211698",
      "Version": "oval:org.altlinux.errata:def:20211698",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2021-1698: package `kernel-image-mp` update to version 5.11.16-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c10f1"
            ],
            "Products": [
              "ALT SP Workstation",
              "ALT SP Server"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2021-1698",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2021-1698",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-02182",
            "RefURL": "https://bdu.fstec.ru/vul/2021-02182",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-02346",
            "RefURL": "https://bdu.fstec.ru/vul/2021-02346",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-04828",
            "RefURL": "https://bdu.fstec.ru/vul/2021-04828",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2022-03028",
            "RefURL": "https://bdu.fstec.ru/vul/2022-03028",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2022-03139",
            "RefURL": "https://bdu.fstec.ru/vul/2022-03139",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2020-25670",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25670",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2020-25671",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25671",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2021-29154",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-29154",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2021-29155",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-29155",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2021-33033",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33033",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades kernel-image-mp to version 5.11.16-alt1. \nSecurity Fix(es):\n\n * BDU:2021-02182: Уязвимость компонента BPF JIT (arch/x86/net/bpf_jit_comp.c и arch/x86/net/bpf_jit_comp32.c.) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-02346: Уязвимость компонента kernel/bpf/verifier.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2021-04828: Уязвимость функции cipso_v4_genopt (net/ipv4/cipso_ipv4.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-03028: Уязвимость функции llcp_sock_connect() операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-03139: Уязвимость функции llcp_sock_bind() протокола nfc ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2020-25670: A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.\n\n * CVE-2020-25671: A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.\n\n * CVE-2021-29154: BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.\n\n * CVE-2021-29155: An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.\n\n * CVE-2021-33033: The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2021-04-22"
          },
          "Updated": {
            "Date": "2021-04-22"
          },
          "BDUs": [
            {
              "ID": "BDU:2021-02182",
              "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-77",
              "Href": "https://bdu.fstec.ru/vul/2021-02182",
              "Impact": "High",
              "Public": "20210408"
            },
            {
              "ID": "BDU:2021-02346",
              "CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "CWE-125",
              "Href": "https://bdu.fstec.ru/vul/2021-02346",
              "Impact": "Low",
              "Public": "20210417"
            },
            {
              "ID": "BDU:2021-04828",
              "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-416",
              "Href": "https://bdu.fstec.ru/vul/2021-04828",
              "Impact": "High",
              "Public": "20210304"
            },
            {
              "ID": "BDU:2022-03028",
              "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-416",
              "Href": "https://bdu.fstec.ru/vul/2022-03028",
              "Impact": "High",
              "Public": "20210325"
            },
            {
              "ID": "BDU:2022-03139",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-416",
              "Href": "https://bdu.fstec.ru/vul/2022-03139",
              "Impact": "High",
              "Public": "20210325"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2020-25670",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25670",
              "Impact": "High",
              "Public": "20210526"
            },
            {
              "ID": "CVE-2020-25671",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25671",
              "Impact": "High",
              "Public": "20210526"
            },
            {
              "ID": "CVE-2021-29154",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-77",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-29154",
              "Impact": "High",
              "Public": "20210408"
            },
            {
              "ID": "CVE-2021-29155",
              "CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "CWE-125",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-29155",
              "Impact": "Low",
              "Public": "20210420"
            },
            {
              "ID": "CVE-2021-33033",
              "CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33033",
              "Impact": "High",
              "Public": "20210514"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:10",
              "cpe:/o:alt:spserver:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20211698001",
                "Comment": "kernel-headers-modules-mp is earlier than 0:5.11.16-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20211698002",
                "Comment": "kernel-headers-mp is earlier than 0:5.11.16-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20211698003",
                "Comment": "kernel-image-mp is earlier than 0:5.11.16-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}