usn-5001-1
Vulnerability from osv_ubuntu
Published
2021-06-23 03:45
Modified
2026-06-03 10:45
Summary
linux-oem-5.10 vulnerabilities
Details

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled certain malformed frames. If a user were tricked into connecting to a malicious server, a physically proximate attacker could use this issue to inject packets. (CVE-2020-24588)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. (CVE-2020-26141)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets. (CVE-2020-26145)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147)

Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134)

Manfred Paul discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel contained an out-of-bounds vulnerability. A local attacker could use this issue to execute arbitrary code. (CVE-2021-31440)

It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506)

Mathias Krause discovered that a null pointer dereference existed in the Nitro Enclaves kernel driver of the Linux kernel. A local attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3543)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2021-3609",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-buildinfo-5.10.0-1033-oem",
            "binary_version": "5.10.0-1033.34"
          },
          {
            "binary_name": "linux-headers-5.10.0-1033-oem",
            "binary_version": "5.10.0-1033.34"
          },
          {
            "binary_name": "linux-image-unsigned-5.10.0-1033-oem",
            "binary_version": "5.10.0-1033.34"
          },
          {
            "binary_name": "linux-modules-5.10.0-1033-oem",
            "binary_version": "5.10.0-1033.34"
          },
          {
            "binary_name": "linux-oem-5.10-headers-5.10.0-1033",
            "binary_version": "5.10.0-1033.34"
          },
          {
            "binary_name": "linux-oem-5.10-tools-5.10.0-1033",
            "binary_version": "5.10.0-1033.34"
          },
          {
            "binary_name": "linux-oem-5.10-tools-host",
            "binary_version": "5.10.0-1033.34"
          },
          {
            "binary_name": "linux-tools-5.10.0-1033-oem",
            "binary_version": "5.10.0-1033.34"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "linux-oem-5.10",
        "purl": "pkg:deb/ubuntu/linux-oem-5.10@5.10.0-1033.34?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.10.0-1033.34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.10.0-1008.9",
        "5.10.0-1011.12",
        "5.10.0-1013.14",
        "5.10.0-1014.15",
        "5.10.0-1016.17",
        "5.10.0-1017.18",
        "5.10.0-1019.20",
        "5.10.0-1021.22",
        "5.10.0-1022.23",
        "5.10.0-1023.24",
        "5.10.0-1025.26",
        "5.10.0-1026.27",
        "5.10.0-1029.30",
        "5.10.0-1032.33"
      ]
    }
  ],
  "aliases": [],
  "details": "Norbert Slusarek discovered a race condition in the CAN BCM networking\nprotocol of the Linux kernel leading to multiple use-after-free\nvulnerabilities. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-3609)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation did\nnot properly clear received fragments from memory in some situations. A\nphysically proximate attacker could possibly use this issue to inject\npackets or expose sensitive information. (CVE-2020-24586)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled encrypted fragments. A physically proximate attacker\ncould possibly use this issue to decrypt fragments. (CVE-2020-24587)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled certain malformed frames. If a user were tricked into\nconnecting to a malicious server, a physically proximate attacker could use\nthis issue to inject packets. (CVE-2020-24588)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled EAPOL frames from unauthenticated senders. A physically\nproximate attacker could inject malicious packets to cause a denial of\nservice (system crash). (CVE-2020-26139)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation did\nnot properly verify certain fragmented frames. A physically proximate\nattacker could possibly use this issue to inject or decrypt packets.\n(CVE-2020-26141)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\naccepted plaintext fragments in certain situations. A physically proximate\nattacker could use this issue to inject packets. (CVE-2020-26145)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation could\nreassemble mixed encrypted and plaintext fragments. A physically proximate\nattacker could possibly use this issue to inject packets or exfiltrate\nselected fragments. (CVE-2020-26147)\n\nOr Cohen discovered that the SCTP implementation in the Linux kernel\ncontained a race condition in some situations, leading to a use-after-free\ncondition. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2021-23133)\n\nOr Cohen and Nadav Markus discovered a use-after-free vulnerability in the\nnfc implementation in the Linux kernel. A privileged local attacker could\nuse this issue to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-23134)\n\nManfred Paul discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel contained an out-of-bounds\nvulnerability. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-31440)\n\nIt was discovered that a race condition in the kernel Bluetooth subsystem\ncould lead to use-after-free of slab objects. An attacker could use this\nissue to possibly execute arbitrary code. (CVE-2021-32399)\n\nIt was discovered that a use-after-free existed in the Bluetooth HCI driver\nof the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-33034)\n\nIt was discovered that an out-of-bounds (OOB) memory access flaw existed in\nthe f2fs module of the Linux kernel. A local attacker could use this issue\nto cause a denial of service (system crash). (CVE-2021-3506)\n\nMathias Krause discovered that a null pointer dereference existed in the\nNitro Enclaves kernel driver of the Linux kernel. A local attacker could\nuse this issue to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2021-3543)\n",
  "id": "USN-5001-1",
  "modified": "2026-06-03T10:45:26Z",
  "published": "2021-06-23T03:45:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-5001-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-24586"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-24587"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-24588"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-26139"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-26141"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-26145"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-26147"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-3506"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-3543"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-3609"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-23133"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-23134"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-31440"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-32399"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-33034"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-oem-5.10 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2020-24586",
    "UBUNTU-CVE-2020-24587",
    "UBUNTU-CVE-2020-24588",
    "UBUNTU-CVE-2020-26139",
    "UBUNTU-CVE-2020-26141",
    "UBUNTU-CVE-2020-26145",
    "UBUNTU-CVE-2020-26147",
    "UBUNTU-CVE-2021-3506",
    "UBUNTU-CVE-2021-3543",
    "UBUNTU-CVE-2021-3609",
    "UBUNTU-CVE-2021-23133",
    "UBUNTU-CVE-2021-23134",
    "UBUNTU-CVE-2021-31440",
    "UBUNTU-CVE-2021-32399",
    "UBUNTU-CVE-2021-33034"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…