var-202103-0287
Vulnerability from variot

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Linux Kernel Contains an initialization vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2021:1739-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1739 Issue date: 2021-05-18 CVE Names: CVE-2019-19523 CVE-2019-19528 CVE-2020-0431 CVE-2020-11608 CVE-2020-12114 CVE-2020-12362 CVE-2020-12464 CVE-2020-14314 CVE-2020-14356 CVE-2020-15437 CVE-2020-24394 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25704 CVE-2020-27786 CVE-2020-27835 CVE-2020-28974 CVE-2020-35508 CVE-2021-0342 ==================================================================== 1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64 Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

  1. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

  • kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)

  • kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)

  • kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)

  • kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)

  • kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)

  • kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)

  • kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)

  • kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)

  • kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

  • kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

  • kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)

  • kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)

  • kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

  • kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)

  • kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)

  • kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)

  • kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)

  • kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting

  • ->real_parent (CVE-2020-35508)

  • kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)

  • kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver 1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver 1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c 1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c 1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter 1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem 1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component 1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support 1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code 1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow 1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c 1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices 1886109 - BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 [rhel-rt-8.4.0] 1894793 - After configure hugepage and reboot test server, kernel got panic status. 1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory 1896842 - host locks up when running stress-ng itimers on RT kernel. 1897869 - Running oslat in RT guest, guest kernel shows Call Trace: INFO: task kcompactd0:35 blocked for more than 600 seconds. 1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem 1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c 1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle 1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent 1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon 1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege 1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers

  1. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source: kernel-rt-4.18.0-305.rt7.72.el8.src.rpm

x86_64: kernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source: kernel-rt-4.18.0-305.rt7.72.el8.src.rpm

x86_64: kernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYKPwgNzjgjWX9erEAQiOVg//YfXIKUxc84y2aRexvrPHeTQvYkFMktq7 NEhNhHqEZbDUabM5+eKb5hoyG44PmXvQuK1njYjEbpTjQss92U8fekGJZAR9Zbsl WEfVcu/ix/UJOzQj/lp+dKhirBSE/33xgBmSsQI6JQc+xn1AoZC8bOeSqyr7J6Y7 t6I552Llhun9DDUGS8KYAM8PkrK3RGQybAS3S4atTdYd0qk42ZPF7/XqrbI7G4iq 0Oe+ZePj6lN1O7pHV0WYUD2yzLTCZZopmz5847BLBEbGLqPyxlShZ+MFGsWxCOHk tW8lw/nqVt/MNlOXI1tD6P6iFZ6JQYrRU5mGFlvsl3t9NQW60MxmcUNPgtVknXW5 BssBM/r6uLi0yFTTnDRZnv2MCs7fIzzqKXOHozrCvItswG6S8Qs72MaW2EQHAEen m7/fMKWTjt9CQudNCm/FwHLb8O9cYnOZwRiAINomo2B/Fi1b7WlquETSmjgQaQNr RxqtgiNQ98q92gnFgC8pCzxmiKRmHLFJEuxXYVq0O8Ch5i/eC8ExoO7Hqe6kYnJe ZaST6fAtb2bMDcPdborfSIUmuDcYdKFtcEfCuuFZIbBxnL2aJDMw0zen/rmDNQyV lwwXoKanoP5EjKKFMc/zkeHlOInMzeHa/0DIlA9h3kpro5eGN0uOPZvsrlryjC+J iJzkORGWplM\xfb/D -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64

  1. Bugs fixed (https://bugzilla.redhat.com/):

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

  1. JIRA issues fixed (https://issues.jboss.org/):

LOG-1328 - Port fix to 5.0.z for BZ-1945168

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree (BZ#1968022)

  • Bugs fixed (https://bugzilla.redhat.com/):

1886285 - CVE-2020-26541 kernel: security bypass in certs/blacklist.c and certs/system_keyring.c 1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory 1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1968022 - kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

  1. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2021:2122

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

This update fixes the following bug among others:

  • Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)

Security Fix(es):

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64

The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x

The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le

The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor

  1. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing

  1. ========================================================================== Ubuntu Security Notice USN-4752-1 February 25, 2021

linux-oem-5.6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description: - linux-oem-5.6: Linux kernel for OEM systems

Details:

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135)

Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314)

It was discovered that the block layer implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-15436)

It was discovered that the serial port driver in the Linux kernel did not properly initialize a pointer in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2020-15437)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490)

It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)

It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284)

It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641)

It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643)

Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704)

It was discovered that the KVM hypervisor in the Linux kernel did not properly handle interrupts in certain situations. A local attacker in a guest VM could possibly use this to cause a denial of service (host system crash). (CVE-2020-27152)

It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815)

It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32 bit systems. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28588)

It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). A local attacker could use this to gain unintended write access to read-only memory pages. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-29369)

Jann Horn discovered that the romfs file system in the Linux kernel did not properly validate file system meta-data, leading to an out-of-bounds read. An attacker could use this to construct a malicious romfs image that, when mounted, exposed sensitive information (kernel memory). (CVE-2020-29371)

Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-35508)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: linux-image-5.6.0-1048-oem 5.6.0-1048.52 linux-image-oem-20.04 5.6.0.1048.44

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References: https://usn.ubuntu.com/4752-1 CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437, CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641, CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815, CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369, CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508

Package Information: https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0287",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h700e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.12"
      },
      {
        "model": "h300e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h615c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "fas8700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h610c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "brocade fabric operating system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "kernel",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "linux",
        "version": "5.12"
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "a700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fas8300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h610s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "aff a400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "kernel",
        "scope": null,
        "trust": 0.8,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "red hat enterprise linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.12:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162654"
      },
      {
        "db": "PACKETSTORM",
        "id": "162626"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163584"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      }
    ],
    "trust": 1.1
  },
  "cve": "CVE-2020-35508",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-35508",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-377704",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.0,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2020-35508",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-35508",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-1668",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-377704",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-35508",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377704"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Linux Kernel Contains an initialization vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: kernel-rt security and bug fix update\nAdvisory ID:       RHSA-2021:1739-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:1739\nIssue date:        2021-05-18\nCVE Names:         CVE-2019-19523 CVE-2019-19528 CVE-2020-0431\n                   CVE-2020-11608 CVE-2020-12114 CVE-2020-12362\n                   CVE-2020-12464 CVE-2020-14314 CVE-2020-14356\n                   CVE-2020-15437 CVE-2020-24394 CVE-2020-25212\n                   CVE-2020-25284 CVE-2020-25285 CVE-2020-25643\n                   CVE-2020-25704 CVE-2020-27786 CVE-2020-27835\n                   CVE-2020-28974 CVE-2020-35508 CVE-2021-0342\n====================================================================\n1. Summary:\n\nAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Real Time (v. 8) - x86_64\nRed Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: use-after-free caused by a malicious USB device in the\ndrivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n* kernel: use-after-free bug caused by a malicious USB device in the\ndrivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n* kernel: possible out of bounds write in kbd_keycode of keyboard.c\n(CVE-2020-0431)\n\n* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n* kernel: use-after-free in usb_sg_cancel function in\ndrivers/usb/core/message.c (CVE-2020-12464)\n\n* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n* kernel: Use After Free vulnerability in cgroup BPF component\n(CVE-2020-14356)\n\n* kernel: NULL pointer dereference in serial8250_isa_init_ports function in\ndrivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n* kernel: umask not applied on filesystem without ACL support\n(CVE-2020-24394)\n\n* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n* kernel: incomplete permission checking for access to rbd devices\n(CVE-2020-25284)\n\n* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c\n(CVE-2020-25285)\n\n* kernel: improper input validation in ppp_cp_parse_cr function leads to\nmemory corruption and read overflow (CVE-2020-25643)\n\n* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n* kernel: child process is able to access parent mm through hfi dev file\nhandle (CVE-2020-27835)\n\n* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting\n- -\u003ereal_parent (CVE-2020-35508)\n\n* kernel: use after free in tun_get_user of tun.c could lead to local\nescalation of privilege (CVE-2021-0342)\n\n* kernel: NULL pointer dereferences in ov511_mode_init_regs and\nov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver\n1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c\n1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c\n1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter\n1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem\n1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component\n1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support\n1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code\n1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow\n1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c\n1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices\n1886109 - BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 [rhel-rt-8.4.0]\n1894793 - After configure hugepage and reboot test server, kernel got panic status. \n1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory\n1896842 - host locks up when running stress-ng itimers on RT kernel. \n1897869 - Running oslat in RT guest, guest kernel shows Call Trace: INFO: task kcompactd0:35 blocked for more than 600 seconds. \n1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem\n1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c\n1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle\n1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent\n1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon\n1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege\n1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c\n1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers\n\n6. Package List:\n\nRed Hat Enterprise Linux Real Time for NFV (v. 8):\n\nSource:\nkernel-rt-4.18.0-305.rt7.72.el8.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-kvm-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm\n\nRed Hat Enterprise Linux Real Time (v. 8):\n\nSource:\nkernel-rt-4.18.0-305.rt7.72.el8.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-core-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-core-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-devel-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-modules-4.18.0-305.rt7.72.el8.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-305.rt7.72.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYKPwgNzjgjWX9erEAQiOVg//YfXIKUxc84y2aRexvrPHeTQvYkFMktq7\nNEhNhHqEZbDUabM5+eKb5hoyG44PmXvQuK1njYjEbpTjQss92U8fekGJZAR9Zbsl\nWEfVcu/ix/UJOzQj/lp+dKhirBSE/33xgBmSsQI6JQc+xn1AoZC8bOeSqyr7J6Y7\nt6I552Llhun9DDUGS8KYAM8PkrK3RGQybAS3S4atTdYd0qk42ZPF7/XqrbI7G4iq\n0Oe+ZePj6lN1O7pHV0WYUD2yzLTCZZopmz5847BLBEbGLqPyxlShZ+MFGsWxCOHk\ntW8lw/nqVt/MNlOXI1tD6P6iFZ6JQYrRU5mGFlvsl3t9NQW60MxmcUNPgtVknXW5\nBssBM/r6uLi0yFTTnDRZnv2MCs7fIzzqKXOHozrCvItswG6S8Qs72MaW2EQHAEen\nm7/fMKWTjt9CQudNCm/FwHLb8O9cYnOZwRiAINomo2B/Fi1b7WlquETSmjgQaQNr\nRxqtgiNQ98q92gnFgC8pCzxmiKRmHLFJEuxXYVq0O8Ch5i/eC8ExoO7Hqe6kYnJe\nZaST6fAtb2bMDcPdborfSIUmuDcYdKFtcEfCuuFZIbBxnL2aJDMw0zen/rmDNQyV\nlwwXoKanoP5EjKKFMc/zkeHlOInMzeHa/0DIlA9h3kpro5eGN0uOPZvsrlryjC+J\niJzkORGWplM\\xfb/D\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1328 - Port fix to 5.0.z for BZ-1945168\n\n6. \n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source\ntree (BZ#1968022)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1886285 - CVE-2020-26541 kernel: security bypass in certs/blacklist.c and certs/system_keyring.c\n1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory\n1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent\n1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan\n1968022 - kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree\n1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\"  \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. ==========================================================================\nUbuntu Security Notice USN-4752-1\nFebruary 25, 2021\n\nlinux-oem-5.6 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-oem-5.6: Linux kernel for OEM systems\n\nDetails:\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered\nthat legacy pairing and secure-connections pairing authentication in the\nBluetooth protocol could allow an unauthenticated user to complete\nauthentication without pairing credentials via adjacent access. A\nphysically proximate attacker could use this to impersonate a previously\npaired Bluetooth device. (CVE-2020-10135)\n\nJay Shin discovered that the ext4 file system implementation in the Linux\nkernel did not properly handle directory access with broken indexing,\nleading to an out-of-bounds read vulnerability. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2020-14314)\n\nIt was discovered that the block layer implementation in the Linux kernel\ndid not properly perform reference counting in some situations, leading to\na use-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2020-15436)\n\nIt was discovered that the serial port driver in the Linux kernel did not\nproperly initialize a pointer in some situations. A local attacker could\npossibly use this to cause a denial of service (system crash). \n(CVE-2020-15437)\n\nAndy Nguyen discovered that the Bluetooth HCI event packet parser in the\nLinux kernel did not properly handle event advertisements of certain sizes,\nleading to a heap-based buffer overflow. A physically proximate remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2020-24490)\n\nIt was discovered that the NFS client implementation in the Linux kernel\ndid not properly perform bounds checking before copying security labels in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2020-25212)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux\nkernel did not properly perform privilege checks for access to rbd devices\nin some situations. A local attacker could use this to map or unmap rbd\nblock devices. (CVE-2020-25284)\n\nIt was discovered that the block layer subsystem in the Linux kernel did\nnot properly handle zero-length requests. A local attacker could use this\nto cause a denial of service. (CVE-2020-25641)\n\nIt was discovered that the HDLC PPP implementation in the Linux kernel did\nnot properly validate input in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2020-25643)\n\nKiyin (\u5c39\u4eae) discovered that the perf subsystem in the Linux kernel did\nnot properly deallocate memory in some situations. A privileged attacker\ncould use this to cause a denial of service (kernel memory exhaustion). \n(CVE-2020-25704)\n\nIt was discovered that the KVM hypervisor in the Linux kernel did not\nproperly handle interrupts in certain situations. A local attacker in a\nguest VM could possibly use this to cause a denial of service (host system\ncrash). (CVE-2020-27152)\n\nIt was discovered that the jfs file system implementation in the Linux\nkernel contained an out-of-bounds read vulnerability. A local attacker\ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nIt was discovered that an information leak existed in the syscall\nimplementation in the Linux kernel on 32 bit systems. A local attacker\ncould use this to expose sensitive information (kernel memory). \n(CVE-2020-28588)\n\nIt was discovered that the framebuffer implementation in the Linux kernel\ndid not properly perform range checks in certain situations. A local\nattacker could use this to expose sensitive information (kernel memory). A local attacker could use\nthis to gain unintended write access to read-only memory pages. A local attacker could use this to cause a\ndenial of service (system crash) or possibly expose sensitive information. \n(CVE-2020-29369)\n\nJann Horn discovered that the romfs file system in the Linux kernel did not\nproperly validate file system meta-data, leading to an out-of-bounds read. \nAn attacker could use this to construct a malicious romfs image that, when\nmounted, exposed sensitive information (kernel memory). (CVE-2020-29371)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use\nconsistent locking in some situations, leading to a read-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux\nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-\nfree vulnerability. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. \n(CVE-2020-35508)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n  linux-image-5.6.0-1048-oem      5.6.0-1048.52\n  linux-image-oem-20.04           5.6.0.1048.44\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n  https://usn.ubuntu.com/4752-1\n  CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437,\n  CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641,\n  CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815,\n  CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369,\n  CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-35508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "db": "VULHUB",
        "id": "VHN-377704"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35508"
      },
      {
        "db": "PACKETSTORM",
        "id": "162654"
      },
      {
        "db": "PACKETSTORM",
        "id": "162626"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163584"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "161556"
      },
      {
        "db": "PACKETSTORM",
        "id": "161555"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-35508",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "162626",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "161556",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1668",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163584",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072252",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122404",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0717",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1820",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1866",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2439",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1688",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161555",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162654",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-377704",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35508",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162837",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162877",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377704"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "db": "PACKETSTORM",
        "id": "162654"
      },
      {
        "db": "PACKETSTORM",
        "id": "162626"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163584"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "161556"
      },
      {
        "db": "PACKETSTORM",
        "id": "161555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "id": "VAR-202103-0287",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377704"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:38:27.231000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Linux\u00a0Kernel\u00a0Archives Red hat Red\u00a0Hat\u00a0Bugzilla",
        "trust": 0.8,
        "url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plus",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ddbe78143bb073890c2ecb87b35850bf"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-35508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-665",
        "trust": 1.1
      },
      {
        "problemtype": "Improper initialization (CWE-665) [ Other ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-362",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35508"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210513-0006/"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35508"
      },
      {
        "trust": 0.7,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-linux-kernel-samba-sudo-python-and-tcmu-runner-affect-ibm-spectrum-protect-plus/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/errata/rhsa-2021:1739"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/errata/rhsa-2021:1578"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/errata/rhsa-2021:2719"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2021:2718"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072252"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0717"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-signal-sending-34683"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1688"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1732"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1820"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2439"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162626/red-hat-security-advisory-2021-1578-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163584/red-hat-security-advisory-2021-2719-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161556/ubuntu-security-notice-usn-4752-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122404"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25704"
      },
      {
        "trust": 0.5,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-25704"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-12114"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-19528"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-12464"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-14314"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-19523"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-12362"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-25285"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-25212"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-28974"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-14356"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-27835"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-15437"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-25284"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-27786"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14314"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-25643"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-11608"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-24394"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-0431"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-0342"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25212"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25643"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25284"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14356"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28974"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27835"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15437"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-36322"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-18811"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24394"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0342"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25285"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27786"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14347"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25712"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13543"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9951"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-3842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13776"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24977"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10878"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9948"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14363"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13584"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14360"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27619"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9983"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14345"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14344"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-23336"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14362"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14361"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10543"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14346"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29660"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27815"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28588"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/665.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36322"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14360"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2136"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33909"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-006"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33034"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21645"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21643"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24331"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-30465"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21644"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2122"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4752-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24490"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10135"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25641"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29371"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25656"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-44.50~20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25669"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1019.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1023.24"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1024.26"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1016.19"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1021.22"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27830"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux/5.8.0-44.50"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29569"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4751-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1023.25"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377704"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "db": "PACKETSTORM",
        "id": "162654"
      },
      {
        "db": "PACKETSTORM",
        "id": "162626"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163584"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "161556"
      },
      {
        "db": "PACKETSTORM",
        "id": "161555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-377704"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "db": "PACKETSTORM",
        "id": "162654"
      },
      {
        "db": "PACKETSTORM",
        "id": "162626"
      },
      {
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "db": "PACKETSTORM",
        "id": "163584"
      },
      {
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "db": "PACKETSTORM",
        "id": "161556"
      },
      {
        "db": "PACKETSTORM",
        "id": "161555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-377704"
      },
      {
        "date": "2021-03-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-35508"
      },
      {
        "date": "2021-12-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "date": "2021-05-19T14:06:16",
        "db": "PACKETSTORM",
        "id": "162654"
      },
      {
        "date": "2021-05-19T13:56:20",
        "db": "PACKETSTORM",
        "id": "162626"
      },
      {
        "date": "2021-05-27T13:28:54",
        "db": "PACKETSTORM",
        "id": "162837"
      },
      {
        "date": "2021-07-21T16:02:50",
        "db": "PACKETSTORM",
        "id": "163584"
      },
      {
        "date": "2021-06-01T14:45:29",
        "db": "PACKETSTORM",
        "id": "162877"
      },
      {
        "date": "2021-02-25T15:31:12",
        "db": "PACKETSTORM",
        "id": "161556"
      },
      {
        "date": "2021-02-25T15:31:02",
        "db": "PACKETSTORM",
        "id": "161555"
      },
      {
        "date": "2021-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      },
      {
        "date": "2021-03-26T17:15:12.203000",
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-377704"
      },
      {
        "date": "2021-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-35508"
      },
      {
        "date": "2021-12-02T09:13:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      },
      {
        "date": "2023-02-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      },
      {
        "date": "2023-02-12T23:41:00.150000",
        "db": "NVD",
        "id": "CVE-2020-35508"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161556"
      },
      {
        "db": "PACKETSTORM",
        "id": "161555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Linux\u00a0Kernel\u00a0 Initialization vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016425"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1668"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.