1233 matches found
CVE-2021-4001
A race condition was found in the Linux kernel's ebpf verifier between bpfmapupdateelem and bpfmapfreeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege capsysadmin or capbpf can modify the frozen mapped address space. This flaw affects kernel...
GSD-2021-1002191 cfg80211: fix management registrations locking
cfg80211: fix management registrations locking This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15 by commit...
UVI-2021-1002109 powerpc/idle: Don't corrupt back chain when going idle
powerpc/idle: Don't corrupt back chain when going idle This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commit...
UVI-2021-1002076 comedi: vmk80xx: fix transfer-buffer overflows
comedi: vmk80xx: fix transfer-buffer overflows This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.79 by commit...
UVI-2021-1002047 powerpc/idle: Don't corrupt back chain when going idle
powerpc/idle: Don't corrupt back chain when going idle This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.76 by commit...
UVI-2021-1002009 powerpc/idle: Don't corrupt back chain when going idle
powerpc/idle: Don't corrupt back chain when going idle This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.156 by commit...
UVI-2021-1001926 scsi: core: Put LLD module refcnt after SCSI device is released
scsi: core: Put LLD module refcnt after SCSI device is released This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.292 by commit...
UVI-2021-1001819 powerpc/idle: Don't corrupt back chain when going idle
powerpc/idle: Don't corrupt back chain when going idle This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.156 by commit...
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
...
CVE-2021-31371
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the...
UVI-2021-1001733 cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
cpufreq: schedutil: Destroy mutex before kobjectput frees the memory This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.10 by commit...
UVI-2021-1001701 HID: amd_sfh: Fix potential NULL pointer dereference - take 2
HID: amdsfh: Fix potential NULL pointer dereference - take 2 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.10 by commit...
UVI-2021-1001644 net: sched: flower: protect fl_walk() with rcu
net: sched: flower: protect flwalk with rcu This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.71 by commit...
UVI-2021-1001593 net: sched: flower: protect fl_walk() with rcu
net: sched: flower: protect flwalk with rcu This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.151 by commit...
UVI-2021-1001562 hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
hwmon: mlxreg-fan Return non-zero value when fan current state is enforced from sysfs This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.209 ...
UVI-2021-1001544 net: macb: fix use after free on rmmod
net: macb: fix use after free on rmmod This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.249 by commit...
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
...
Juniper Networks Junos OS 信息泄露漏洞
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. An information disclosure vulnerability exists in Juniper Networks Junos OS that originates from Juniper...
CVE-2021-28660 affecting package kernel 5.10.161.1-1
CVE-2021-28660 affecting package kernel 5.10.161.1-1. A patched version of the package is available...
DEBIAN-CVE-2021-38208
net/nfc/llcpsock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service NULL pointer dereference and BUG by making a getsockname call after a certain type of failure of a bind call...