var-202103-1442
Vulnerability from variot
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Vendor is responsible for this vulnerability CID-20c40794eb85 It is published as. This vulnerability is CVE-2019-2308 Vulnerabilities related to.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu Releases. ========================================================================== Ubuntu Security Notice USN-4949-1 May 11, 2021
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3489)
Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3491)
It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25639)
Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Sch\xf6nherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930)
Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). A local attacker could possibly use this to gain elevated privileges. (CVE-2021-28375)
It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29264)
It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29266)
It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate passed encryption key sizes. A local attacker could use this to cause a denial of service (system crash). A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: linux-image-5.8.0-1024-raspi 5.8.0-1024.27 linux-image-5.8.0-1024-raspi-nolpae 5.8.0-1024.27 linux-image-5.8.0-1027-kvm 5.8.0-1027.29 linux-image-5.8.0-1029-oracle 5.8.0-1029.30 linux-image-5.8.0-1031-gcp 5.8.0-1031.32 linux-image-5.8.0-1032-azure 5.8.0-1032.34 linux-image-5.8.0-1033-aws 5.8.0-1033.35 linux-image-5.8.0-53-generic 5.8.0-53.60 linux-image-5.8.0-53-generic-64k 5.8.0-53.60 linux-image-5.8.0-53-generic-lpae 5.8.0-53.60 linux-image-5.8.0-53-lowlatency 5.8.0-53.60 linux-image-aws 5.8.0.1033.35 linux-image-azure 5.8.0.1032.32 linux-image-gcp 5.8.0.1031.31 linux-image-generic 5.8.0.53.58 linux-image-generic-64k 5.8.0.53.58 linux-image-generic-lpae 5.8.0.53.58 linux-image-gke 5.8.0.1031.31 linux-image-kvm 5.8.0.1027.29 linux-image-lowlatency 5.8.0.53.58 linux-image-oem-20.04 5.8.0.53.58 linux-image-oracle 5.8.0.1029.28 linux-image-raspi 5.8.0.1024.27 linux-image-raspi-nolpae 5.8.0.1024.27 linux-image-virtual 5.8.0.53.58
Ubuntu 20.04 LTS: linux-image-5.8.0-53-generic 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-generic-64k 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-generic-lpae 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-lowlatency 5.8.0-53.60~20.04.1 linux-image-generic-64k-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-generic-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-generic-lpae-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-lowlatency-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-virtual-hwe-20.04 5.8.0.53.60~20.04.37
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-4949-1 CVE-2020-25639, CVE-2021-26930, CVE-2021-26931, CVE-2021-28375, CVE-2021-29264, CVE-2021-29265, CVE-2021-29266, CVE-2021-29646, CVE-2021-29650, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
Package Information: https://launchpad.net/ubuntu/+source/linux/5.8.0-53.60 https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1033.35 https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1032.34 https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1031.32 https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1027.29 https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1029.30 https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1024.27 https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-53.60~20.04.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1442",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.1"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.106"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.11"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.5"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.10.24"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.11.7"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "kernel",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.10.24",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.11.7",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.106",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
],
"trust": 1.1
},
"cve": "CVE-2021-28375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-28375",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-387803",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-28375",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-28375",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-961",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-387803",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Vendor is responsible for this vulnerability CID-20c40794eb85 It is published as. This vulnerability is CVE-2019-2308 Vulnerabilities related to.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This update provides the corresponding\nLinux kernel updates targeted specifically for Raspberry Pi devices\nin those same Ubuntu Releases. ==========================================================================\nUbuntu Security Notice USN-4949-1\nMay 11, 2021\n\nlinux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm,\nlinux-oracle, linux-raspi vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash) or execute arbitrary code. (CVE-2021-3489)\n\nManfred Paul discovered that the eBPF implementation in the Linux kernel\ndid not properly track bounds on bitwise operations. A local attacker could\nuse this to cause a denial of service (system crash) or execute arbitrary\ncode. A local attacker could use this to cause a denial of service\n(system crash) or execute arbitrary code. (CVE-2021-3491)\n\nIt was discovered that the Nouveau GPU driver in the Linux kernel did not\nproperly handle error conditions in some situations. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2020-25639)\n\nOlivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Sch\\xf6nherr\ndiscovered that the Xen paravirtualization backend in the Linux kernel did\nnot properly propagate errors to frontend drivers in some situations. An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash). (CVE-2021-26930)\n\nJan Beulich discovered that multiple Xen backends in the Linux kernel did\nnot properly handle certain error conditions under paravirtualization. An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash). A local\nattacker could possibly use this to gain elevated privileges. \n(CVE-2021-28375)\n\nIt was discovered that the Freescale Gianfar Ethernet driver for the Linux\nkernel did not properly handle receive queue overrun when jumbo frames were\nenabled in some situations. An attacker could use this to cause a denial of\nservice (system crash). (CVE-2021-29264)\n\nIt was discovered that the USB/IP driver in the Linux kernel contained race\nconditions during the update of local and shared status. An attacker could\nuse this to cause a denial of service (system crash). An attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2021-29266)\n\nIt was discovered that the TIPC protocol implementation in the Linux kernel\ndid not properly validate passed encryption key sizes. A local attacker\ncould use this to cause a denial of service (system crash). A local attacker could use this\nto cause a denial of service (system crash). (CVE-2021-29650)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n linux-image-5.8.0-1024-raspi 5.8.0-1024.27\n linux-image-5.8.0-1024-raspi-nolpae 5.8.0-1024.27\n linux-image-5.8.0-1027-kvm 5.8.0-1027.29\n linux-image-5.8.0-1029-oracle 5.8.0-1029.30\n linux-image-5.8.0-1031-gcp 5.8.0-1031.32\n linux-image-5.8.0-1032-azure 5.8.0-1032.34\n linux-image-5.8.0-1033-aws 5.8.0-1033.35\n linux-image-5.8.0-53-generic 5.8.0-53.60\n linux-image-5.8.0-53-generic-64k 5.8.0-53.60\n linux-image-5.8.0-53-generic-lpae 5.8.0-53.60\n linux-image-5.8.0-53-lowlatency 5.8.0-53.60\n linux-image-aws 5.8.0.1033.35\n linux-image-azure 5.8.0.1032.32\n linux-image-gcp 5.8.0.1031.31\n linux-image-generic 5.8.0.53.58\n linux-image-generic-64k 5.8.0.53.58\n linux-image-generic-lpae 5.8.0.53.58\n linux-image-gke 5.8.0.1031.31\n linux-image-kvm 5.8.0.1027.29\n linux-image-lowlatency 5.8.0.53.58\n linux-image-oem-20.04 5.8.0.53.58\n linux-image-oracle 5.8.0.1029.28\n linux-image-raspi 5.8.0.1024.27\n linux-image-raspi-nolpae 5.8.0.1024.27\n linux-image-virtual 5.8.0.53.58\n\nUbuntu 20.04 LTS:\n linux-image-5.8.0-53-generic 5.8.0-53.60~20.04.1\n linux-image-5.8.0-53-generic-64k 5.8.0-53.60~20.04.1\n linux-image-5.8.0-53-generic-lpae 5.8.0-53.60~20.04.1\n linux-image-5.8.0-53-lowlatency 5.8.0-53.60~20.04.1\n linux-image-generic-64k-hwe-20.04 5.8.0.53.60~20.04.37\n linux-image-generic-hwe-20.04 5.8.0.53.60~20.04.37\n linux-image-generic-lpae-hwe-20.04 5.8.0.53.60~20.04.37\n linux-image-lowlatency-hwe-20.04 5.8.0.53.60~20.04.37\n linux-image-virtual-hwe-20.04 5.8.0.53.60~20.04.37\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-4949-1\n CVE-2020-25639, CVE-2021-26930, CVE-2021-26931, CVE-2021-28375,\n CVE-2021-29264, CVE-2021-29265, CVE-2021-29266, CVE-2021-29646,\n CVE-2021-29650, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux/5.8.0-53.60\n https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1033.35\n https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1032.34\n https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1031.32\n https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1027.29\n https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1029.30\n https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1024.27\n https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-53.60~20.04.1\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28375"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28375",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "162167",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162695",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162541",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1231",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1307",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1623",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2606",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1694",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162550",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162543",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-387803",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
]
},
"id": "VAR-202103-1442",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:26:34.961000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "restrict\u00a0user\u00a0apps\u00a0from\u00a0sending\u00a0kernel\u00a0RPC\u00a0messages",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/omrqvotasd3vzp6ge4jjhe27qu6fhtz6/"
},
{
"title": "Linux kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=144241"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28375"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210401-0003/"
},
{
"trust": 1.7,
"url": "https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/omrqvotasd3vzp6ge4jjhe27qu6fhtz6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tjpvqzpy3dhpv5i3ivnmsmo6d3pkzisx/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xaunydtge6mb4nwl2sihpcodclet3jzb/"
},
{
"trust": 1.0,
"url": "https://lore.kernel.org/stable/yd03ew7+6v0xph6l%40kroah.com/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xaunydtge6mb4nwl2sihpcodclet3jzb/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/omrqvotasd3vzp6ge4jjhe27qu6fhtz6/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tjpvqzpy3dhpv5i3ivnmsmo6d3pkzisx/"
},
{
"trust": 0.7,
"url": "https://lore.kernel.org/stable/yd03ew7+6v0xph6l@kroah.com/"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2021-08-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1623"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1766"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162167/ubuntu-security-notice-usn-4911-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2606"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1307"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202110-0000001162680040"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-28375"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1231"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162695/ubuntu-security-notice-usn-4945-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2136"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-fastrpc-internal-invoke-34854"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1299"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1694"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162541/ubuntu-security-notice-usn-4945-1.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25639"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28038"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29265"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-4945-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28660"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29646"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4911-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1021.22"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28950"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1035.38"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1035.38~18.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4945-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1047.49~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1043.45"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1047.49"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1043.46~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1015.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1015.16~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1044.47~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1043.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1048.50~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-73.82"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1039.40"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-73.82~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1045.49"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1043.45~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1048.50"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1029.30"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1024.27"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26930"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4949-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1027.29"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-53.60~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3489"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.8.0-53.60"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26931"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1031.32"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1032.34"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3490"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1033.35"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35519"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4947-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1056.60"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-387803"
},
{
"date": "2021-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"date": "2021-04-13T22:55:55",
"db": "PACKETSTORM",
"id": "162167"
},
{
"date": "2021-05-19T14:19:27",
"db": "PACKETSTORM",
"id": "162695"
},
{
"date": "2021-05-12T13:50:45",
"db": "PACKETSTORM",
"id": "162541"
},
{
"date": "2021-05-12T13:52:46",
"db": "PACKETSTORM",
"id": "162550"
},
{
"date": "2021-05-12T13:51:05",
"db": "PACKETSTORM",
"id": "162543"
},
{
"date": "2021-03-15T05:15:13.740000",
"db": "NVD",
"id": "CVE-2021-28375"
},
{
"date": "2021-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-387803"
},
{
"date": "2021-11-22T08:57:00",
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"date": "2023-11-07T03:32:08.597000",
"db": "NVD",
"id": "CVE-2021-28375"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
],
"trust": 1.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 Vulnerability in privilege management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
],
"trust": 0.6
}
}
Loading...