csaf_suse - suse-su-2021:1395-1

suse-su-2021:1395-1

Vulnerability from csaf_suse

Published

2021-04-28 07:22

Modified

2021-04-28 07:22

Summary

Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)

Description of the patch

This update for the Linux Kernel 5.3.18-24_52 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183658). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646).

Patchnames

SUSE-2021-1395,SUSE-SLE-Module-Live-Patching-15-SP1-2021-1385,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1395

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.3.18-24_52 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read  (bsc#1184171).\n- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183658).\n- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-1395,SUSE-SLE-Module-Live-Patching-15-SP1-2021-1385,SUSE-SLE-Module-Live-Patching-15-SP2-2021-1395",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1395-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:1395-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211395-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:1395-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008686.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182294",
        "url": "https://bugzilla.suse.com/1182294"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183658",
        "url": "https://bugzilla.suse.com/1183658"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184171",
        "url": "https://bugzilla.suse.com/1184171"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28660 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28660/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28688 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28688/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3444 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3444/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)",
    "tracking": {
      "current_release_date": "2021-04-28T07:22:38Z",
      "generator": {
        "date": "2021-04-28T07:22:38Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:1395-1",
      "initial_release_date": "2021-04-28T07:22:38Z",
      "revision_history": [
        {
          "date": "2021-04-28T07:22:38Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
                  "product_id": "kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
                "product": {
                  "name": "kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
                  "product_id": "kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
                "product": {
                  "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
                  "product_id": "kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-24_52-preempt-3-2.2.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-24_52-preempt-3-2.2.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-24_52-preempt-3-2.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
                "product": {
                  "name": "kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
                  "product_id": "kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP1",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP2",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP1",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le"
        },
        "product_reference": "kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP1",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64"
        },
        "product_reference": "kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x"
        },
        "product_reference": "kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
        },
        "product_reference": "kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-28660",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28660"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -\u003essid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28660",
          "url": "https://www.suse.com/security/cve/CVE-2021-28660"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183593 for CVE-2021-28660",
          "url": "https://bugzilla.suse.com/1183593"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183658 for CVE-2021-28660",
          "url": "https://bugzilla.suse.com/1183658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-28T07:22:38Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-28660"
    },
    {
      "cve": "CVE-2021-28688",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28688"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn\u0027t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28688",
          "url": "https://www.suse.com/security/cve/CVE-2021-28688"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183646 for CVE-2021-28688",
          "url": "https://bugzilla.suse.com/1183646"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-28T07:22:38Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-28688"
    },
    {
      "cve": "CVE-2021-3444",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3444"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3444",
          "url": "https://www.suse.com/security/cve/CVE-2021-3444"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184170 for CVE-2021-3444",
          "url": "https://bugzilla.suse.com/1184170"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184171 for CVE-2021-3444",
          "url": "https://bugzilla.suse.com/1184171"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-197_86-default-3-2.2.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-24_52-default-3-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-04-28T07:22:38Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3444"
    }
  ]
}

CVE-2021-3444 (GCVE-0-2021-3444)

Vulnerability from cvelistv5

Published

2021-03-23 17:45

Modified

2024-09-16 17:27

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-681 - Incorrect Conversion between Numeric Types

Summary

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.

References

►

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809	x_refsource_MISC
	https://www.openwall.com/lists/oss-security/2021/03/23/2	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/03/23/2	mailing-list, x_refsource_MLIST
	http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20210416-0006/	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html	mailing-list, x_refsource_MLIST
	http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Linux	kernel	Version: trunk < 5.12-rc1 Version: 5.11 < 5.11.2 Version: 5.10 < 5.10.19 Version: 5.4 < 5.4.101

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/03/23/2"
          },
          {
            "name": "[oss-security] 20210323 [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/23/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210416-0006/"
          },
          {
            "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.12-rc1",
              "status": "affected",
              "version": "trunk",
              "versionType": "custom"
            },
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11",
              "versionType": "custom"
            },
            {
              "lessThan": "5.10.19",
              "status": "affected",
              "version": "5.10",
              "versionType": "custom"
            },
            {
              "lessThan": "5.4.101",
              "status": "affected",
              "version": "5.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "De4dCr0w of 360 Alpha Lab"
        }
      ],
      "datePublic": "2021-03-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-681",
              "description": "CWE-681: Incorrect Conversion between Numeric Types",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-12T18:06:17",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/03/23/2"
        },
        {
          "name": "[oss-security] 20210323 [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/23/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210416-0006/"
        },
        {
          "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Apply or update to a kernel that contains the commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\")."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Linux kernel bpf verifier incorrect mod32 truncation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-03-23T00:00:00.000Z",
          "ID": "CVE-2021-3444",
          "STATE": "PUBLIC",
          "TITLE": "Linux kernel bpf verifier incorrect mod32 truncation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "trunk",
                            "version_value": "5.12-rc1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.10",
                            "version_value": "5.10.19"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.4",
                            "version_value": "5.4.101"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "De4dCr0w of 360 Alpha Lab"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-681: Incorrect Conversion between Numeric Types"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/03/23/2",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/03/23/2"
            },
            {
              "name": "[oss-security] 20210323 [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/23/2"
            },
            {
              "name": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210416-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210416-0006/"
            },
            {
              "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Apply or update to a kernel that contains the commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\")."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-3444",
    "datePublished": "2021-03-23T17:45:13.714724Z",
    "dateReserved": "2021-03-16T00:00:00",
    "dateUpdated": "2024-09-16T17:27:58.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-28660 (GCVE-0-2021-28660)

Vulnerability from cvelistv5

Published

2021-03-17 00:00

Modified

2024-08-03 21:47

Severity ?

CWE

Summary

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

References

►

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html	mailing-list
	https://security.netapp.com/advisory/ntap-20210507-0008/
	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/18/1	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/21/2	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:47:32.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7"
          },
          {
            "name": "FEDORA-2021-bb755ed5e3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/"
          },
          {
            "name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210507-0008/"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[oss-security] 20221118 Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/18/1"
          },
          {
            "name": "[oss-security] 20221121 Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/21/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -\u003essid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7"
        },
        {
          "name": "FEDORA-2021-bb755ed5e3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/"
        },
        {
          "name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210507-0008/"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[oss-security] 20221118 Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/18/1"
        },
        {
          "name": "[oss-security] 20221121 Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/21/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-28660",
    "datePublished": "2021-03-17T00:00:00",
    "dateReserved": "2021-03-17T00:00:00",
    "dateUpdated": "2024-08-03T21:47:32.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-28688 (GCVE-0-2021-28688)

Vulnerability from cvelistv5

Published

2021-04-06 18:07

Modified

2024-08-03 21:47

Severity ?

CWE

unknown

Summary

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.

References

►

URL

Tags

	https://xenbits.xenproject.org/xsa/advisory-371.txt	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

►

Linux

Version: 3.11 < unspecified
Patch: next of 4.3 < unspecified

Linux	Linux	Version: 5.11.1
Linux	Linux	Version: 5.12-rc
Linux	Linux	Version: 5.10.18
Linux	Linux	Patch: next of 5.9 < unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:47:33.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.12",
              "status": "unknown",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "3.11",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unaffected",
              "version": "next of 4.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11.1"
            }
          ]
        },
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12-rc"
            }
          ]
        },
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10.18"
            }
          ]
        },
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.12",
              "status": "unknown",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "4.4",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unaffected",
              "version": "next of 5.9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "{\u0027credit_data\u0027: {\u0027description\u0027: {\u0027description_data\u0027: [{\u0027lang\u0027: \u0027eng\u0027, \u0027value\u0027: \u0027This issue was discovered by Nicolai Stange of SUSE.\u0027}]}}}"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn\u0027t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "description": {
                "description_data": [
                  {
                    "lang": "eng",
                    "value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver.  This can result in a host-wide\nDenial of Sevice (DoS)."
                  }
                ]
              }
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unknown",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-23T01:08:09",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@xen.org",
          "ID": "CVE-2021-28688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003c",
                            "version_value": "4.12"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "3.11"
                          },
                          {
                            "version_affected": "!\u003e",
                            "version_value": "4.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.11.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.12-rc"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.10.18"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003c",
                            "version_value": "4.12"
                          },
                          {
                            "version_affected": "?\u003e=",
                            "version_value": "4.4"
                          },
                          {
                            "version_affected": "!\u003e",
                            "version_value": "5.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "configuration": {
          "configuration_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All Linux versions having the fix for XSA-365 applied are vulnerable.\nXSA-365 was classified to affect versions back to at least 3.11."
                }
              ]
            }
          }
        },
        "credit": {
          "credit_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue was discovered by Nicolai Stange of SUSE."
                }
              ]
            }
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn\u0027t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."
            }
          ]
        },
        "impact": {
          "impact_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver.  This can result in a host-wide\nDenial of Sevice (DoS)."
                }
              ]
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unknown"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://xenbits.xenproject.org/xsa/advisory-371.txt",
              "refsource": "MISC",
              "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
            }
          ]
        },
        "workaround": {
          "workaround_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reconfiguring guests to use alternative (e.g. qemu-based) backends may\navoid the vulnerability.\n\nAvoiding the use of persistent grants will also avoid the vulnerability.\nThis can be achieved by passing the \"feature_persistent=0\" module option\nto the xen-blkback driver."
                }
              ]
            }
          }
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2021-28688",
    "datePublished": "2021-04-06T18:07:41",
    "dateReserved": "2021-03-18T00:00:00",
    "dateUpdated": "2024-08-03T21:47:33.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2021:1395-1

Vulnerability from csaf_suse

CVE-2021-3444 (GCVE-0-2021-3444)

Vulnerability from cvelistv5

CVE-2021-28660 (GCVE-0-2021-28660)

Vulnerability from cvelistv5

CVE-2021-28688 (GCVE-0-2021-28688)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature