[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4978-1 linux -- linux

ID: oval:org.secpod.oval:def:86599Date: (C)2023-01-06   (M)2024-04-17
Class: PATCHFamily: unix




Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-3702 A flaw was found in the driver for Atheros IEEE 802.11n family of chipsets allowing information disclosure. CVE-2020-16119 Hadar Manor reported a use-after-free in the DCCP protocol implementation in the Linux kernel. A local attacker can take advantage of this flaw to cause a denial of service or potentially to execute arbitrary code. CVE-2021-3653 Maxim Levitsky discovered a vulnerability in the KVM hypervisor implementation for AMD processors in the Linux kernel: Missing validation of the `int_ctl` VMCB field could allow a malicious L1 guest to enable AVIC support for the L2 guest. The L2 guest can take advantage of this flaw to write to a limited but still relatively large subset of the host physical memory. CVE-2021-3656 Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM hypervisor implementation for AMD processors in the Linux kernel. Missing validation of the the `virt_ext` VMCB field could allow a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus read/write portions of the host"s physical memory. CVE-2021-3679 A flaw in the Linux kernel tracing module functionality could allow a privileged local user to cause a denial of service . CVE-2021-3732 Alois Wohlschlager reported a flaw in the implementation of the overlayfs subsystem, allowing a local attacker with privileges to mount a filesystem to reveal files hidden in the original mount. CVE-2021-3739 A NULL pointer dereference flaw was found in the btrfs filesystem, allowing a local attacker with CAP_SYS_ADMIN capabilities to cause a denial of service. CVE-2021-3743 An out-of-bounds memory read was discovered in the Qualcomm IPC router protocol implementation, allowing to cause a denial of service or information leak. CVE-2021-3753 Minh Yuan reported a race condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds read in vt. CVE-2021-37576 Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem on the powerpc platform, which allows KVM guest OS users to cause memory corruption on the host. CVE-2021-38160 A flaw in the virtio_console was discovered allowing data corruption or data loss by an untrusted device. CVE-2021-38166 An integer overflow flaw in the BPF subsystem could allow a local attacker to cause a denial of service or potentially the execution of arbitrary code. This flaw is mitigated by default in Debian as unprivileged calls to bpf are disabled. CVE-2021-38199 Michael Wakabayashi reported a flaw in the NFSv4 client implementation, where incorrect connection setup ordering allows operations of a remote NFSv4 server to cause a denial of service. CVE-2021-40490 A race condition was discovered in the ext4 subsystem when writing to an inline_data file while its xattrs are changing. This could result in denial of service. CVE-2021-41073 Valentina Palmiotti discovered a flaw in io_uring allowing a local attacker to escalate privileges.

Platform:
Linux Mint 5
Product:
linux-image-5.10
bpftool
hyperv-daemons
libcpupower-dev
libcpupower1
usbip
Reference:
DSA-4978-1
CVE-2020-3702
CVE-2020-16119
CVE-2021-3653
CVE-2021-3656
CVE-2021-3679
CVE-2021-3732
CVE-2021-3739
CVE-2021-3743
CVE-2021-3753
CVE-2021-37576
CVE-2021-38160
CVE-2021-38166
CVE-2021-38199
CVE-2021-40490
CVE-2021-41073
CVE    15
CVE-2020-3702
CVE-2021-38160
CVE-2021-38166
CVE-2021-38199
...

© SecPod Technologies