Lucene search

K
cloudlinuxCloudLinuxCLSA-2021:1632262296
HistorySep 21, 2021 - 10:11 p.m.

Fix of CVE: CVE-2021-38160, CVE-2021-3573, CVE-2021-38205, CVE-2021-3178, CVE-2021-20265, CVE-2021-3612, CVE-2021-32399, CVE-2021-37159, CVE-2014-4508, CVE-2021-28972, CVE-2021-34693, CVE-2021-20292

2021-09-2122:11:36
repo.cloudlinux.com
50

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

56.7%

  • ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head
  • ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited
  • ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
  • ELSCVE-844: CVE-2021-3573: Bluetooth: use correct lock to prevent UAF of hdev object
  • ELSCVE-503: CVE-2021-32399: bluetooth: eliminate the potential race condition when removing the HCI controller
  • ELSCVE-451: CVE-2021-37159: hso: fix a use after free condition
  • ELSCVE-387: CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer
  • ELSCVE-547: CVE-2021-3178: nfsd4: readdirplus shouldn’t return parent of export
  • ELSCVE-547: nfsd: fix compose_entry_fh() failure exits
  • ELSCVE-547: nfsd: make local functions static
  • ELSCVE-682: CVE-2021-20265: af_unix: fix struct pid memory leak
  • ELSCVE-531: CVE-2021-20292: drm/ttm/nouveau: don’t call tt destroy callback on alloc failure.
  • ELSCVE-543: CVE-2021-28972: PCI: rpadlpar: Fix potential drc_name corruption in store functions
  • ELSCVE-575: CVE-2021-3612: Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
  • ELSCVE-575: Input: joydev - prevent potential read overflow in ioctl
  • ELSCVE-575: Input: joydev - fix possible ERR_PTR() dereferencing
  • ELSCVE-575: Input: joydev - use memdup_user() to duplicate memory from user-space

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

56.7%