Lucene search

K
oraclelinuxOracleLinuxELSA-2021-9030
HistoryFeb 03, 2021 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2021-02-0300:00:00
linux.oracle.com
30

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

[4.1.12-124.47.3]

  • sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 31588015]
    [4.1.12-124.47.2]
  • mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350932] {CVE-2020-12653}
  • lockd: don’t use interval-based rebinding over TCP (Calum Mackay) [Orabug: 31435700]
  • ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (Takashi Iwai) [Orabug: 32240688] {CVE-2020-27786}
  • xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}
  • xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}
  • xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}
  • xen/xenbus: Add ‘will_handle’ callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}
  • xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}
  • KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251907]
  • tty: Fix ->session locking (Jann Horn) [Orabug: 32266682] {CVE-2020-29660}
  • tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266682] {CVE-2020-29660}
  • tty: core: Use correct spinlock flavor in tiocspgrp() (Peter Hurley) [Orabug: 32266682] {CVE-2020-29660}
  • mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349208] {CVE-2020-36158}
    [4.1.12-124.47.1]
  • target: fix XCOPY NAA identifier lookup (Mike Christie) [Orabug: 32374139] {CVE-2020-28374}

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Related for ELSA-2021-9030