Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-29647 (GCVE-0-2021-29647)
Vulnerability from cvelistv5 – Published: 2021-03-30 20:36 – Updated: 2024-08-03 22:11
VLAI
EPSS
Summary
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan… | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-23T01:08:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29647",
"datePublished": "2021-03-30T20:36:42.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:06.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-29647",
"date": "2026-05-27",
"epss": "0.00094",
"percentile": "0.2611"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-29647\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-03-30T21:15:14.157\",\"lastModified\":\"2024-11-21T06:01:33.987\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. qrtr_recvmsg en net/qrtr/qrtr.c permite a los atacantes obtener informaci\u00f3n sensible de la memoria del kernel debido a una estructura de datos parcialmente no inicializada, tambi\u00e9n se conoce como CID-50535249f624.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-909\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.11.11\",\"matchCriteriaId\":\"2375C9CB-E013-429D-9E0A-FBC249C5E180\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2021-AVI-482
Vulnerability from certfr_avis - Published: 2021-06-24 - Updated: 2021-06-24
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian 9 Stretch versions ant\u00e9rieures \u00e0 4.19.194-1~deb9u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian 9 Stretch versions ant\u00e9rieures \u00e0 4.9.272-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-26139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
},
{
"name": "CVE-2021-29264",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29264"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2020-25672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25672"
},
{
"name": "CVE-2021-30002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30002"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2021-3483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3483"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2021-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3587"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2021-29647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"name": "CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"name": "CVE-2021-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28971"
},
{
"name": "CVE-2021-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23133"
},
{
"name": "CVE-2021-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3428"
},
{
"name": "CVE-2021-3506",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3506"
},
{
"name": "CVE-2020-24586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
},
{
"name": "CVE-2021-29265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29265"
},
{
"name": "CVE-2021-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
},
{
"name": "CVE-2020-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25671"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2020-29374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29374"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-28688",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28688"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2021-29155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29155"
},
{
"name": "CVE-2020-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25670"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-20292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20292"
},
{
"name": "CVE-2021-28660",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28660"
},
{
"name": "CVE-2021-28964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28964"
},
{
"name": "CVE-2021-31829",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31829"
}
],
"initial_release_date": "2021-06-24T00:00:00",
"last_revision_date": "2021-06-24T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-482",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS dla-2689 du 22 juin 2021",
"url": "https://www.debian.org/lts/security/2021/dla-2689"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS dla-2690 du 22 juin 2021",
"url": "https://www.debian.org/lts/security/2021/dla-2690"
}
]
}
CERTFR-2021-AVI-751
Vulnerability from certfr_avis - Published: 2021-10-05 - Updated: 2021-10-05
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions sans le correctif du 04 octobre 2021",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1967"
},
{
"name": "CVE-2020-11303",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11303"
},
{
"name": "CVE-2020-29368",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29368"
},
{
"name": "CVE-2021-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
},
{
"name": "CVE-2020-26139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
},
{
"name": "CVE-2021-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0707"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2020-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25285"
},
{
"name": "CVE-2021-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
},
{
"name": "CVE-2020-29660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"name": "CVE-2021-1969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1969"
},
{
"name": "CVE-2021-1932",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1932"
},
{
"name": "CVE-2020-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26146"
},
{
"name": "CVE-2021-1949",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1949"
},
{
"name": "CVE-2021-38166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38166"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2021-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0702"
},
{
"name": "CVE-2021-1917",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1917"
},
{
"name": "CVE-2021-1984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1984"
},
{
"name": "CVE-2021-3490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3490"
},
{
"name": "CVE-2021-29647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"name": "CVE-2021-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30258"
},
{
"name": "CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"name": "CVE-2021-0643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0643"
},
{
"name": "CVE-2020-11301",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
},
{
"name": "CVE-2021-30257",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30257"
},
{
"name": "CVE-2020-26140",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26140"
},
{
"name": "CVE-2021-0652",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
},
{
"name": "CVE-2019-25045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25045"
},
{
"name": "CVE-2021-30288",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30288"
},
{
"name": "CVE-2021-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0703"
},
{
"name": "CVE-2021-30292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30292"
},
{
"name": "CVE-2021-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1983"
},
{
"name": "CVE-2021-1959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1959"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
},
{
"name": "CVE-2021-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1936"
},
{
"name": "CVE-2021-30297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30297"
},
{
"name": "CVE-2021-30291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30291"
},
{
"name": "CVE-2021-0941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0941"
},
{
"name": "CVE-2021-1980",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1980"
},
{
"name": "CVE-2021-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0705"
},
{
"name": "CVE-2020-11264",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11264"
},
{
"name": "CVE-2021-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
},
{
"name": "CVE-2021-1985",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1985"
},
{
"name": "CVE-2021-3489",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3489"
},
{
"name": "CVE-2021-27666",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27666"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2021-0940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0940"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2021-0937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0937"
},
{
"name": "CVE-2021-0939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0939"
},
{
"name": "CVE-2021-29155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29155"
},
{
"name": "CVE-2021-30305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30305"
},
{
"name": "CVE-2021-1977",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1977"
},
{
"name": "CVE-2020-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
},
{
"name": "CVE-2021-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0938"
},
{
"name": "CVE-2021-0483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0483"
},
{
"name": "CVE-2021-20292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20292"
},
{
"name": "CVE-2021-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
},
{
"name": "CVE-2021-30256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30256"
},
{
"name": "CVE-2021-1913",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1913"
},
{
"name": "CVE-2021-30312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30312"
},
{
"name": "CVE-2021-30310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30310"
},
{
"name": "CVE-2021-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1968"
},
{
"name": "CVE-2021-0936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0936"
},
{
"name": "CVE-2021-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1966"
},
{
"name": "CVE-2021-29646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29646"
},
{
"name": "CVE-2021-30302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30302"
},
{
"name": "CVE-2021-30306",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30306"
},
{
"name": "CVE-2020-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
}
],
"initial_release_date": "2021-10-05T00:00:00",
"last_revision_date": "2021-10-05T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-751",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 04 octobre 2021",
"url": "https://source.android.com/security/bulletin/2021-10-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel du 04 octobre 2021",
"url": "https://source.android.com/security/bulletin/pixel/2021-10-01"
}
]
}
CERTFR-2024-AVI-0203
Vulnerability from certfr_avis - Published: 2024-03-12 - Updated: 2024-03-12
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Cerberus PRO EN Engineering Tool versions antérieures à IP8 | ||
| Siemens | N/A | SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Sinteso FS20 EN Fire Panel FC20 versions antérieures à MP8 | ||
| Siemens | N/A | RUGGEDCOM APE1808 avec Fortinet NGFW versions antérieures à V7.4.1 | ||
| Siemens | N/A | Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016 | ||
| Siemens | N/A | Cerberus PRO EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016 | ||
| Siemens | N/A | SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions | ||
| Siemens | N/A | Sinteso FS20 EN Engineering Tool versions antérieures à MP8 | ||
| Siemens | N/A | SIMATIC RF160B (6GT2003-0FA00) versions antérieures à V2.2 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à V3.2 | ||
| Siemens | N/A | Solid Edge versions antérieures à V223.0.11 | ||
| Siemens | N/A | Siveillance Control versions supérieures ou égales à V2.8 versions antérieures à V3.1.1 | ||
| Siemens | N/A | Cerberus PRO EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617 | ||
| Siemens | N/A | Cerberus PRO EN Fire Panel FC72x versions antérieures à IP8 | ||
| Siemens | N/A | SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015 | ||
| Siemens | N/A | SINEMA Remote Connect Client versions antérieures à V3.1 SP1 | ||
| Siemens | N/A | SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Cerberus PRO EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015 | ||
| Siemens | N/A | Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618 | ||
| Siemens | N/A | Cerberus PRO EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618 | ||
| Siemens | N/A | Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617 | ||
| Siemens | N/A | Sinteso Mobile versions antérieures à V3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cerberus PRO EN Engineering Tool versions ant\u00e9rieures \u00e0 IP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN Fire Panel FC20 versions ant\u00e9rieures \u00e0 MP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 avec Fortinet NGFW versions ant\u00e9rieures \u00e0 V7.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN Engineering Tool versions ant\u00e9rieures \u00e0 MP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF160B (6GT2003-0FA00) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge versions ant\u00e9rieures \u00e0 V223.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Control versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.8 versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN Fire Panel FC72x versions ant\u00e9rieures \u00e0 IP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Client versions ant\u00e9rieures \u00e0 V3.1 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso Mobile versions ant\u00e9rieures \u00e0 V3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
},
{
"name": "CVE-2017-18509",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18509"
},
{
"name": "CVE-2021-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0599"
},
{
"name": "CVE-2021-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0443"
},
{
"name": "CVE-2022-20462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20462"
},
{
"name": "CVE-2021-0598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0598"
},
{
"name": "CVE-2021-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0438"
},
{
"name": "CVE-2021-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
},
{
"name": "CVE-2021-0585",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0585"
},
{
"name": "CVE-2021-0331",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0331"
},
{
"name": "CVE-2021-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0509"
},
{
"name": "CVE-2021-0601",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0601"
},
{
"name": "CVE-2021-0478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0478"
},
{
"name": "CVE-2021-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
},
{
"name": "CVE-2021-0600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0600"
},
{
"name": "CVE-2021-0928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0928"
},
{
"name": "CVE-2021-0484",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0484"
},
{
"name": "CVE-2023-36641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
},
{
"name": "CVE-2021-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2022-41329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
},
{
"name": "CVE-2021-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0597"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2022-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
},
{
"name": "CVE-2021-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
},
{
"name": "CVE-2022-20498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20498"
},
{
"name": "CVE-2021-0473",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0473"
},
{
"name": "CVE-2022-41328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
},
{
"name": "CVE-2022-42474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
},
{
"name": "CVE-2021-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
},
{
"name": "CVE-2020-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0417"
},
{
"name": "CVE-2020-29660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"name": "CVE-2021-0604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0604"
},
{
"name": "CVE-2021-0522",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0522"
},
{
"name": "CVE-2021-39629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2021-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"name": "CVE-2022-20229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20229"
},
{
"name": "CVE-2023-33306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33306"
},
{
"name": "CVE-2022-39948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
},
{
"name": "CVE-2022-20423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20423"
},
{
"name": "CVE-2021-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
},
{
"name": "CVE-2021-0650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0650"
},
{
"name": "CVE-2021-0329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0329"
},
{
"name": "CVE-2023-41675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41675"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-27997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
},
{
"name": "CVE-2023-29183",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29183"
},
{
"name": "CVE-2021-0471",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0471"
},
{
"name": "CVE-2023-29181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
},
{
"name": "CVE-2021-0963",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0963"
},
{
"name": "CVE-2021-0327",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0327"
},
{
"name": "CVE-2021-0653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0653"
},
{
"name": "CVE-2021-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0690"
},
{
"name": "CVE-2021-39634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
},
{
"name": "CVE-2021-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0596"
},
{
"name": "CVE-2023-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
},
{
"name": "CVE-2023-28002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
},
{
"name": "CVE-2023-22641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
},
{
"name": "CVE-2021-0919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0919"
},
{
"name": "CVE-2021-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0968"
},
{
"name": "CVE-2022-20500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20500"
},
{
"name": "CVE-2021-29647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"name": "CVE-2021-0521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0521"
},
{
"name": "CVE-2020-11301",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
},
{
"name": "CVE-2021-0953",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0953"
},
{
"name": "CVE-2021-0926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0926"
},
{
"name": "CVE-2021-0961",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0961"
},
{
"name": "CVE-2023-26207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2021-0652",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
},
{
"name": "CVE-2021-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0339"
},
{
"name": "CVE-2021-39627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
},
{
"name": "CVE-2021-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0437"
},
{
"name": "CVE-2023-29179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
},
{
"name": "CVE-2021-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0433"
},
{
"name": "CVE-2024-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22041"
},
{
"name": "CVE-2023-33305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
},
{
"name": "CVE-2022-20473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20473"
},
{
"name": "CVE-2022-43947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
},
{
"name": "CVE-2023-41841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41841"
},
{
"name": "CVE-2021-0333",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0333"
},
{
"name": "CVE-2022-20483",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20483"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2024-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22045"
},
{
"name": "CVE-2022-42476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
},
{
"name": "CVE-2023-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
},
{
"name": "CVE-2021-0399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
},
{
"name": "CVE-2023-33301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33301"
},
{
"name": "CVE-2021-0476",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0476"
},
{
"name": "CVE-2021-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0507"
},
{
"name": "CVE-2021-0390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
},
{
"name": "CVE-2021-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0444"
},
{
"name": "CVE-2021-0520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0520"
},
{
"name": "CVE-2021-0586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0586"
},
{
"name": "CVE-2021-39633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
},
{
"name": "CVE-2021-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0587"
},
{
"name": "CVE-2021-0952",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0952"
},
{
"name": "CVE-2022-20476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20476"
},
{
"name": "CVE-2020-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
},
{
"name": "CVE-2022-20472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20472"
},
{
"name": "CVE-2021-0326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0326"
},
{
"name": "CVE-2021-0929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0929"
},
{
"name": "CVE-2022-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20227"
},
{
"name": "CVE-2021-0336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0336"
},
{
"name": "CVE-2023-44250",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44250"
},
{
"name": "CVE-2021-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0506"
},
{
"name": "CVE-2021-0515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0515"
},
{
"name": "CVE-2022-20355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20355"
},
{
"name": "CVE-2021-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0330"
},
{
"name": "CVE-2021-0688",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0688"
},
{
"name": "CVE-2021-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
},
{
"name": "CVE-2024-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
},
{
"name": "CVE-2021-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"name": "CVE-2023-29178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
},
{
"name": "CVE-2022-20130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
},
{
"name": "CVE-2021-0519",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
},
{
"name": "CVE-2021-0516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0516"
},
{
"name": "CVE-2021-39621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2022-42469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
},
{
"name": "CVE-2021-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
},
{
"name": "CVE-2021-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
},
{
"name": "CVE-2022-41327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
},
{
"name": "CVE-2021-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2023-36555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36555"
},
{
"name": "CVE-2022-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
},
{
"name": "CVE-2022-20468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20468"
},
{
"name": "CVE-2023-22640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22640"
},
{
"name": "CVE-2021-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0400"
},
{
"name": "CVE-2022-20469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20469"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
},
{
"name": "CVE-2021-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0682"
},
{
"name": "CVE-2021-0480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0480"
},
{
"name": "CVE-2021-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0429"
},
{
"name": "CVE-2023-22639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
},
{
"name": "CVE-2021-0683",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0683"
},
{
"name": "CVE-2022-20411",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20411"
},
{
"name": "CVE-2022-43953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
},
{
"name": "CVE-2023-33307",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33307"
},
{
"name": "CVE-2021-0328",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0328"
},
{
"name": "CVE-2021-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0684"
},
{
"name": "CVE-2022-20466",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20466"
},
{
"name": "CVE-2023-40718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40718"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0704"
},
{
"name": "CVE-2022-20127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
},
{
"name": "CVE-2021-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0436"
},
{
"name": "CVE-2021-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
},
{
"name": "CVE-2022-45861",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
},
{
"name": "CVE-2021-0594",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0594"
},
{
"name": "CVE-2021-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
},
{
"name": "CVE-2021-0514",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0514"
},
{
"name": "CVE-2021-0511",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0511"
},
{
"name": "CVE-2021-0931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0931"
},
{
"name": "CVE-2024-21483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21483"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2023-45793",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45793"
},
{
"name": "CVE-2021-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0689"
},
{
"name": "CVE-2023-28001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28001"
},
{
"name": "CVE-2021-0970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0970"
},
{
"name": "CVE-2021-0337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0337"
},
{
"name": "CVE-2022-32257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32257"
},
{
"name": "CVE-2023-36639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
},
{
"name": "CVE-2021-39623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
},
{
"name": "CVE-2022-41330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
},
{
"name": "CVE-2021-0508",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0508"
},
{
"name": "CVE-2021-0325",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0325"
},
{
"name": "CVE-2021-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
},
{
"name": "CVE-2022-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41334"
},
{
"name": "CVE-2024-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
},
{
"name": "CVE-2020-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2021-0302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0302"
},
{
"name": "CVE-2021-0589",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0589"
},
{
"name": "CVE-2021-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0305"
},
{
"name": "CVE-2023-33308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33308"
},
{
"name": "CVE-2023-29175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
},
{
"name": "CVE-2021-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0431"
},
{
"name": "CVE-2021-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
},
{
"name": "CVE-2021-0474",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0474"
},
{
"name": "CVE-2021-0930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0930"
},
{
"name": "CVE-2021-39626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
},
{
"name": "CVE-2021-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0967"
},
{
"name": "CVE-2023-25610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
},
{
"name": "CVE-2023-37935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37935"
},
{
"name": "CVE-2021-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0695"
},
{
"name": "CVE-2024-22040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22040"
},
{
"name": "CVE-2021-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0965"
},
{
"name": "CVE-2021-0513",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0513"
},
{
"name": "CVE-2021-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0434"
},
{
"name": "CVE-2021-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0687"
},
{
"name": "CVE-2021-0481",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0481"
},
{
"name": "CVE-2021-0964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0964"
},
{
"name": "CVE-2021-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
},
{
"name": "CVE-2021-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0435"
},
{
"name": "CVE-2021-0334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0334"
},
{
"name": "CVE-2021-0933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0933"
},
{
"name": "CVE-2021-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
},
{
"name": "CVE-2023-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
},
{
"name": "CVE-2021-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0588"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2024-22039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22039"
},
{
"name": "CVE-2021-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
},
{
"name": "CVE-2021-0510",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0510"
},
{
"name": "CVE-2021-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0692"
},
{
"name": "CVE-2024-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22044"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"initial_release_date": "2024-03-12T00:00:00",
"last_revision_date": "2024-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0203",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-792319 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-792319.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-918992 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-918992.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-353002 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-653855 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-225840 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-145196 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-145196.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-382651 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382651.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-832273 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-366067 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-366067.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-770721 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-576771 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-576771.html"
}
]
}
CNVD-2021-25616
Vulnerability from cnvd - Published: 2021-04-07
VLAI
Title
Linux kernel信息泄露漏洞(CNVD-2021-25616)
Description
Linux kernel是一种计算机操作系统内核,以C语言和汇编语言写成,符合POSIX标准,按GNU通用公共许可证发行。
Linux kernel 5.11.11之前版本中的net/qrtr/qrtr.c中的qrtr_recvmsg存在信息泄露漏洞。该漏洞源于部分未初始化的数据结构。攻击者可利用该漏洞获取敏感信息。
Severity
低
Patch Name
Linux kernel信息泄露漏洞(CNVD-2021-25616)的补丁
Patch Description
Linux kernel是一种计算机操作系统内核,以C语言和汇编语言写成,符合POSIX标准,按GNU通用公共许可证发行。
Linux kernel 5.11.11之前版本中的net/qrtr/qrtr.c中的qrtr_recvmsg存在信息泄露漏洞。该漏洞源于部分未初始化的数据结构。攻击者可利用该漏洞获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-29647
Impacted products
| Name | Linux Linux kernel <5.11.11 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-29647",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-29647"
}
},
"description": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\n\nLinux kernel 5.11.11\u4e4b\u524d\u7248\u672c\u4e2d\u7684net/qrtr/qrtr.c\u4e2d\u7684qrtr_recvmsg\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u90e8\u5206\u672a\u521d\u59cb\u5316\u7684\u6570\u636e\u7ed3\u6784\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-25616",
"openTime": "2021-04-07",
"patchDescription": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\r\n\r\nLinux kernel 5.11.11\u4e4b\u524d\u7248\u672c\u4e2d\u7684net/qrtr/qrtr.c\u4e2d\u7684qrtr_recvmsg\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u90e8\u5206\u672a\u521d\u59cb\u5316\u7684\u6570\u636e\u7ed3\u6784\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-25616\uff09\u7684\u8865\u4e01",
"products": {
"product": "Linux Linux kernel \u003c5.11.11"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-29647",
"serverity": "\u4f4e",
"submitTime": "2021-03-31",
"title": "Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-25616\uff09"
}
FKIE_CVE-2021-29647
Vulnerability from fkie_nvd - Published: 2021-03-30 21:15 - Updated: 2024-11-21 06:01
Severity
Summary
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2375C9CB-E013-429D-9E0A-FBC249C5E180",
"versionEndExcluding": "5.11.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. qrtr_recvmsg en net/qrtr/qrtr.c permite a los atacantes obtener informaci\u00f3n sensible de la memoria del kernel debido a una estructura de datos parcialmente no inicializada, tambi\u00e9n se conoce como CID-50535249f624."
}
],
"id": "CVE-2021-29647",
"lastModified": "2024-11-21T06:01:33.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T21:15:14.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-909"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-FH6X-896F-FRCG
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
Severity
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-29647"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.",
"id": "GHSA-fh6x-896f-frcg",
"modified": "2022-05-24T17:45:54Z",
"published": "2022-05-24T17:45:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29647"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2021-29647
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-29647",
"description": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.",
"id": "GSD-2021-29647",
"references": [
"https://www.suse.com/security/cve/CVE-2021-29647.html",
"https://ubuntu.com/security/CVE-2021-29647",
"https://security.archlinux.org/CVE-2021-29647"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-29647"
],
"details": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.",
"id": "GSD-2021-29647",
"modified": "2023-12-13T01:23:36.673514Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.11.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29647"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11",
"refsource": "MISC",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-05-16T20:41Z",
"publishedDate": "2021-03-30T21:15Z"
}
}
}
ICSA-24-074-07
Vulnerability from csaf_cisa - Published: 2024-03-14 06:00 - Updated: 2024-03-14 06:00Summary
Siemens SIMATIC
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of a privileged process.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
8.1 (High)
7.8 (High)
5.0 (Medium)
7.8 (High)
5.5 (Medium)
7.5 (High)
8.1 (High)
7.8 (High)
6.7 (Medium)
CWE-326
- Inadequate Encryption Strength
7.4 (High)
5.4 (Medium)
4.2 (Medium)
4.4 (Medium)
7.8 (High)
7.8 (High)
7.8 (High)
8.8 (High)
7.5 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.3 (High)
7.3 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.5 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
5.5 (Medium)
9.8 (Critical)
9.8 (Critical)
7.8 (High)
5.5 (Medium)
7.8 (High)
7.5 (High)
8.0 (High)
7.3 (High)
7.5 (High)
5.5 (Medium)
7.8 (High)
7.8 (High)
4.7 (Medium)
5.5 (Medium)
5.5 (Medium)
8.8 (High)
9.8 (Critical)
7.0 (High)
7.8 (High)
5.5 (Medium)
7.8 (High)
5.5 (Medium)
7.3 (High)
8.8 (High)
7.0 (High)
7.0 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
8.1 (High)
9.8 (Critical)
9.8 (Critical)
7.8 (High)
7.0 (High)
5.5 (Medium)
7.5 (High)
5.5 (Medium)
6.7 (Medium)
7.8 (High)
7.8 (High)
5.5 (Medium)
7.8 (High)
7.3 (High)
7.8 (High)
8.0 (High)
7.5 (High)
5.5 (Medium)
7.3 (High)
5.5 (Medium)
7.8 (High)
5.5 (Medium)
5.5 (Medium)
7.8 (High)
5.5 (Medium)
5.5 (Medium)
7.8 (High)
6.5 (Medium)
5.5 (Medium)
7.8 (High)
5.5 (Medium)
5.5 (Medium)
7.8 (High)
7.8 (High)
5.0 (Medium)
7.0 (High)
5.5 (Medium)
6.5 (Medium)
7.8 (High)
5.5 (Medium)
5.5 (Medium)
5.5 (Medium)
7.8 (High)
8.1 (High)
5.0 (Medium)
6.4 (Medium)
7.8 (High)
7.8 (High)
7.8 (High)
8.8 (High)
5.5 (Medium)
8.0 (High)
5.0 (Medium)
7.8 (High)
4.4 (Medium)
7.1 (High)
6.5 (Medium)
8.8 (High)
8.8 (High)
8.8 (High)
7.8 (High)
9.8 (Critical)
9.8 (Critical)
5.5 (Medium)
7.8 (High)
6.8 (Medium)
7.8 (High)
9.8 (Critical)
7.8 (High)
7.8 (High)
7.0 (High)
5.5 (Medium)
7.8 (High)
9.8 (Critical)
9.8 (Critical)
5.5 (Medium)
9.8 (Critical)
5.5 (Medium)
8.8 (High)
7.8 (High)
7.0 (High)
4.6 (Medium)
7.8 (High)
5.5 (Medium)
6.5 (Medium)
8.8 (High)
9.8 (Critical)
9.8 (Critical)
5.5 (Medium)
7.5 (High)
4.4 (Medium)
5.5 (Medium)
References
198 references
Acknowledgments
Siemens
{
"document": {
"acknowledgments": [
{
"organization": "Siemens",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of a privileged process.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-24-074-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-074-07.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-24-074-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMATIC",
"tracking": {
"current_release_date": "2024-03-14T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-074-07",
"initial_release_date": "2024-03-14T06:00:00.000000Z",
"revision_history": [
{
"date": "2024-03-14T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.2",
"product": {
"name": "Siemens SIMATIC RF160B (6GT2003-0FA00): \u003cV2.2",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC RF160B (6GT2003-0FA00)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-14491",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An attacker could cause a crash or potentially execute arbitrary code by sending specially crafted DNS responses to the DNSmasq process. In order to exploit this vulnerability, an attacker must be able to trigger DNS requests from the device, and must be in a privileged position to inject malicious DNS responses.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2017-18509",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18509"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-0338",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-9 Android ID: A-123700107",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-0417",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-8.1, Android-9 Android ID: A-154319182",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0417"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-10768",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being \u0027force disabled\u0027 when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-11301",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-14305",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds memory write flaw was found in how the Linux kernel\u0027s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-14381",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Linux kernel\u0027s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-15436",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-24587",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-25705",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "A flaw in ICMP packets in the Linux kernel was found to allow to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26555",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26558",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-29660",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-29661",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0302",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android-10Android ID: A-155287782",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0302"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0305",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10 Android ID: A-154015447",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0305"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0325",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-174238784",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0325"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0326",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In p2p_copy_client_info of p2p.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi direct search, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-172937525",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0326"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0327",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-172935267",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0327"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0328",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-172670415",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0328"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0329",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In several native functions called by AdvertiseManager.java, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-171400004",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0329"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0330",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-170732441",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0330"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0331",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-170731783",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0331"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0333",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-168504491",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0333"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0334",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-163358811",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0334"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0336",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-158219161",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0336"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0337",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-157474195",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0339",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-8.1, Android-9 Android ID: A-145728687",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0339"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0341",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-171980069",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0390",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174749461",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0391",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-172841550",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0392",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-175124730",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0393",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-168041375",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0394",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-172655291",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0396",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-160610106",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0397",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174052148",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0399",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-176919394References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0400",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-177561690",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0400"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0429",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-175074139",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0429"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0431",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174149901",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0431"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0433",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-171221090",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0433"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0434",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In onReceive of BluetoothPermissionRequest.java, a phishing attack is possible allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-167403112",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0434"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0435",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174150451",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0435"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0436",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out-of-bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176496160",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0436"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0437",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-176168330",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0437"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0438",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10 Android ID: A-152064592",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0438"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0443",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-170474245",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0443"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0444",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-178825358",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0444"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0471",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out-of-bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444786",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0471"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0473",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179687208",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0473"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0474",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-177611958",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0474"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0476",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-169252501",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0476"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0478",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-169255797",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0478"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0480",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-174493336",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0480"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0481",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-172939189",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0481"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0484",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "summary",
"text": "In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-173720767",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0484"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0506",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-181962311",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0506"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0507",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181860042",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0507"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0508",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176444154",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0508"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0509",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444161",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0509"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0510",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444622",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0510"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0511",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-178055795",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0511"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0512",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-173843328References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0513",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-156090809",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0513"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0514",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-9, Android-11, Android-8.1 Android ID: A-162604069",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0514"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0515",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-167389063",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0515"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0516",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out-of-bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181660448",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0516"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0519",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-176533109",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0520",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-10 Android ID: A-176237595",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0520"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0521",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174661955",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0521"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0522",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out-of-bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-174182139",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0522"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0584",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In verifyBufferObject of Parcel.cpp, there is a possible out-of-bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-179289794",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0585",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In beginWrite and beginRead of MessageQueueBase.h, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-184963385",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0585"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0586",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-182584940",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0586"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0587",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out-of-bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185259758",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0587"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0588",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-177238342",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0588"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0589",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-180939982",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0589"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0591",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179386960",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0593",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-179386068",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0594",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-176445224",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0594"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0596",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181346550",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0596"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0597",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176496502",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0597"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0598",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-180422108",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0598"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0599",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-175614289",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0599"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0600",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-179042963",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0600"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0601",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out-of-bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-180643802",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0601"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0604",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179910660",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0604"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0640",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In noteAtomLogged of StatsdStats.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-187957589",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0641",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185235454",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0642",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-185126149",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0646",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In sqlite3_str_vappendf of sqlite3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process\u0027s SQL with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-153352319",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0650",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-190286685",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0650"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0651",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In loadLabel of PackageItemInfo.java, there is a possible way to cause a denial of service in a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-67013844",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0652",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing objects that are not thread-safe. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185178568",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0653",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-177931370",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0653"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0682",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-159624555",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0682"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0683",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In runTraceIpcStop of ActivityManagerShellCommand.java, deletion of system files is possible due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-185398942",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0683"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0684",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out-of-bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-179839665",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0684"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0687",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "summary",
"text": "In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-188913943",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0687"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0688",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-161149543",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0688"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0689",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-190188264",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0689"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0690",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out-of-bounds write due to heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-182152757",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0690"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0692",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-179289753",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0692"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0695",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In get_sock_stat of xt_qtaguid.c, there is a possible out-of-bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-184018316References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0695"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0704",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-179338675",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0704"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0706",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android Versions: Android-10 Android-11Android ID: A-193444889",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0708",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In runDumpHeap of ActivityManagerShellCommand.java, deletion of system files is possible due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-183262161",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0870",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In RW_SetActivatedTagType of rw_main.cc, memory corruption is possible due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-192472262",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0919",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-197336441",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0919"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0920",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-196926917References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0926",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user\u0027s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-191053931",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0926"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0928",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-188675581",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0928"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0929",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-187527909 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0929"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0930",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-181660091",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0930"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0931",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-180747689",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0931"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0933",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-172251622",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0933"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0952",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user\u0027s contacts with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-195748381",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0952"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0953",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-184046278",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0953"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0961",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "summary",
"text": "In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-196046570References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0961"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0963",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-199754277",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0963"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0964",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "summary",
"text": "In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-193363621",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0964"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0965",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user\u0027s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194300867",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0965"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0967",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In vorbis_book_decodev_set of codebook.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-199065614",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0967"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0968",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In osi_malloc and osi_calloc of allocator.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-197868577",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0968"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0970",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-196970023",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0970"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-1972",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-1976",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-29647",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-33909",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an out-of-bounds write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-38204",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39621",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-185126319",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39623",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In doRead of SimpleDecodingSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194105348",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39626",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194695497",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39627",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-185126549",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39629",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-197353344",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39633",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-150694665 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39634",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-204450605References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20127",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-221862119",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20130",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-224314979",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20227",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In USB driver, there is a possible out-of-bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-216825460 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20227"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20229",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-224536184",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20229"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20355",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-219498290",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20355"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20411",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In avdt_msg_asmbl of avdt_msg.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-232023771",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20411"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20421",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-239630375 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20422",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-237540956 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20423",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In rndis_set_response of rndis.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-239842288 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20423"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20462",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-230356196",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20462"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20466",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"notes": [
{
"category": "summary",
"text": "In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user\u0027s password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-179725730",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20466"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20468",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In BNEP_ConnectResp of bnep_api.cc, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-228450451",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20468"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20469",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-230867224",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20469"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20472",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In toLanguageTag of LocaleListCache.cpp, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-239210579",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20472"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20473",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In toLanguageTag of LocaleListCache.cpp, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-239267173",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20473"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20476",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-240936919",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20476"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20483",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out-of-bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-242459126",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20483"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20498",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In fdt_path_offset_namelen of fdt_ro.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-246465319",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20498"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20500",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-246540168",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20500"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
MSRC_CVE-2021-29647
Vulnerability from csaf_microsoft - Published: 2021-03-02 00:00 - Updated: 2023-03-10 00:00Summary
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure aka CID-50535249f624.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29647 An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure aka CID-50535249f624. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-29647.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure aka CID-50535249f624.",
"tracking": {
"current_release_date": "2023-03-10T00:00:00.000Z",
"generator": {
"date": "2025-12-27T19:04:30.582Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-29647",
"initial_release_date": "2021-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-04-06T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2021-12-16T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added kernel to CBL-Mariner 2.0"
},
{
"date": "2023-03-10T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 kernel 5.10.78.1-1",
"product": {
"name": "\u003ccbl2 kernel 5.10.78.1-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 kernel 5.10.78.1-1",
"product": {
"name": "cbl2 kernel 5.10.78.1-1",
"product_id": "16920"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kernel 5.10.78.1-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kernel 5.10.78.1-1 as a component of CBL Mariner 2.0",
"product_id": "16920-17086"
},
"product_reference": "16920",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29647",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16920-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29647 An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure aka CID-50535249f624. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-29647.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-04-06T00:00:00.000Z",
"details": "5.10.78.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure aka CID-50535249f624."
}
]
}
OPENSUSE-SU-2021:0532-1
Vulnerability from csaf_opensuse - Published: 2021-04-10 06:14 - Updated: 2021-04-10 06:14Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
The following non-security bugs were fixed:
- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
- ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- certs: Fix blacklist flag type confusion (git-fixes).
- cifs: check pointer before freeing (bsc#1183534).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes
- drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: * replaced mtk_ddp_write() with writel()
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: * context changes
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) Backporting notes: * context changes
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting notes: * context changes
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489) Backporting notes: * taken for 9b73bde39cf2 ('drm/msm: Fix use-after-free in msm_gem with carveout') * context changes
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes:
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context changes
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4->hdmi * removed references to encoder->hdmi_monitor
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445).
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: comment on the list To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: ignore more configs Specifially, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_* * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler specific too. This will allow us to use super configs using kernel's dummy-tools.
- rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes).
- staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes).
- staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes).
- staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes).
- staging: comedi: das6402: Fix endian problem for AI command data (git-fixes).
- staging: comedi: das800: Fix endian problem for AI command data (git-fixes).
- staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes).
- staging: comedi: me4000: Fix endian problem for AI command data (git-fixes).
- staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes).
- staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes).
- staging: fwserial: Fix error handling in fwserial_create (git-fixes).
- staging: gdm724x: Fix DMA from stack (git-fixes).
- staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes).
- staging: most: sound: add sanity check for function argument (git-fixes).
- staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table (git-fixes).
- staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes).
- staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (git-fixes).
- staging: rtl8192e: Change state information from u16 to u8 (git-fixes).
- staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes).
- staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan (git-fixes).
- staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() (git-fixes).
- staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes).
- staging: rtl8712: unterminated string leads to read overflow (git-fixes).
- stop_machine: mark helpers __always_inline (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev USBip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).
Patchnames: openSUSE-2021-532
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.7 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
186 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n- CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).\n- CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).\n- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).\n- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nThe following non-security bugs were fixed:\n \n- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).\n- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).\n- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). \n- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).\n- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).\n- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).\n- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).\n- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).\n- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).\n- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).\n- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).\n- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).\n- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).\n- ALSA: hda: generic: Fix the micmute led init state (git-fixes).\n- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).\n- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).\n- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).\n- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).\n- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).\n- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).\n- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).\n- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).\n- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).\n- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).\n- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).\n- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).\n- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).\n- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).\n- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).\n- ALSA: usb-audio: Fix \u0027cannot get freq eq\u0027 errors on Dell AE515 sound bar (bsc#1182552).\n- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).\n- ALSA: usb-audio: Fix \u0027RANGE setting not yet supported\u0027 errors (git-fixes).\n- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).\n- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).\n- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).\n- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).\n- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).\n- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).\n- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).\n- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).\n- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).\n- ASoC: cs42l42: Fix channel width support (git-fixes).\n- ASoC: cs42l42: Fix mixer volume control (git-fixes).\n- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).\n- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).\n- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).\n- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).\n- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n- ASoC: rt5670: Add emulated \u0027DAC1 Playback Switch\u0027 control (git-fixes).\n- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).\n- ASoC: rt5670: Remove \u0027HP Playback Switch\u0027 control (git-fixes).\n- ASoC: rt5670: Remove \u0027OUT Channel Switch\u0027 control (git-fixes).\n- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).\n- ASoC: simple-card-utils: Do not handle device clock (git-fixes).\n- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).\n- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).\n- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).\n- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).\n- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).\n- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).\n- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).\n- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).\n- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).\n- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).\n- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).\n- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).\n- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).\n- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).\n- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).\n- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).\n- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).\n- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).\n- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).\n- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).\n- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).\n- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).\n- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).\n- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).\n- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).\n- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).\n- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).\n- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).\n- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).\n- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).\n- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).\n- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).\n- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).\n- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).\n- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).\n- can: peak_usb: add forgotten supported devices (git-fixes).\n- can: peak_usb: Revert \u0027can: peak_usb: add forgotten supported devices\u0027 (git-fixes).\n- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).\n- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).\n- certs: Fix blacklist flag type confusion (git-fixes).\n- cifs: check pointer before freeing (bsc#1183534).\n- completion: Drop init_completion define (git-fixes).\n- configfs: fix a use-after-free in __configfs_open_file (git-fixes).\n- config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595\n- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).\n- crypto: arm64/sha - add missing module aliases (git-fixes).\n- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).\n- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).\n- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).\n- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) \n- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).\n- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).\n- drm/amdgpu: Add check to prevent IH overflow (git-fixes).\n- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).\n- drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes\n- drm/amd/powerplay: fix spelling mistake \u0027smu_state_memroy_block\u0027 -\u003e (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes\n- drm/compat: Clear bounce structures (git-fixes).\n- drm/hisilicon: Fix use-after-free (git-fixes).\n- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).\n- drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: * replaced mtk_ddp_write() with writel()\n- drm: meson_drv add shutdown function (git-fixes).\n- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).\n- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).\n- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: * context changes\n- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).\n- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) Backporting notes: * context changes\n- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting notes: * context changes\n- drm/msm/gem: Add obj-\u003elock wrappers (bsc#1152489) Backporting notes: * taken for 9b73bde39cf2 (\u0027drm/msm: Fix use-after-free in msm_gem with carveout\u0027) * context changes\n- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) \n- drm/nouveau/kms: handle mDP connectors (git-fixes).\n- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) \n- drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes: \n- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)\n- drm/radeon: fix AGP dependency (git-fixes).\n- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context changes\n- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).\n- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes\n- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).\n- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4-\u003ehdmi * removed references to encoder-\u003ehdmi_monitor\n- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).\n- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).\n- ethernet: alx: fix order of calls on resume (git-fixes).\n- exec: Move would_dump into flush_old_exec (git-fixes).\n- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).\n- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).\n- extcon: Fix error handling in extcon_dev_register (git-fixes).\n- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).\n- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).\n- fsl/fman: check dereferencing null pointer (git-fixes).\n- fsl/fman: fix dereference null return value (git-fixes).\n- fsl/fman: fix eth hash table allocation (git-fixes).\n- fsl/fman: fix unreachable code (git-fixes).\n- fsl/fman: use 32-bit unsigned integer (git-fixes).\n- fuse: verify write return (git-fixes).\n- gcc-plugins: drop support for GCC \u003c= 4.7 (bcs#1181862).\n- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).\n- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).\n- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).\n- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).\n- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).\n- Goodix Fingerprint device is not a modem (git-fixes).\n- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).\n- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).\n- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).\n- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).\n- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).\n- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).\n- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).\n- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).\n- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).\n- iavf: use generic power management (git-fixes).\n- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).\n- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).\n- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).\n- ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n- ibmvnic: fix braces (bsc#1183871 ltc#192139).\n- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).\n- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).\n- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).\n- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).\n- ibmvnic: prefer \u0027unsigned long\u0027 over \u0027unsigned long int\u0027 (bsc#1183871 ltc#192139).\n- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).\n- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).\n- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).\n- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).\n- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).\n- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).\n- ice: fix memory leak if register_netdev_fails (git-fixes).\n- ice: fix memory leak in ice_vsi_setup (git-fixes).\n- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n- ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n- ice: report correct max number of TCs (jsc#SLE-7926).\n- ice: update the number of available RSS queues (jsc#SLE-7926).\n- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).\n- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).\n- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).\n- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).\n- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).\n- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).\n- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).\n- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).\n- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).\n- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).\n- Input: raydium_ts_i2c - do not send zero length (git-fixes).\n- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).\n- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).\n- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).\n- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).\n- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).\n- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).\n- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).\n- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).\n- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).\n- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).\n- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).\n- ionic: linearize tso skb with too many frags (bsc#1167773).\n- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).\n- kbuild: change *FLAGS_\u003cbasetarget\u003e.o to take the path relative to $(obj) (bcs#1181862).\n- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).\n- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).\n- kbuild: Fail if gold linker is detected (bcs#1181862).\n- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).\n- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).\n- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).\n- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).\n- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).\n- kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).\n- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). \n- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 (\u0027kvm: tracing: Fix unmatched kvm_entry and kvm_exit events\u0027, bsc#1182770).\n- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).\n- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).\n- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).\n- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).\n- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).\n- KVM: x86: Set so called \u0027reserved CR3 bits in LM mask\u0027 at vCPU reset (bsc#1183288).\n- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).\n- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).\n- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).\n- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).\n- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).\n- mac80211: fix double free in ibss_leave (git-fixes).\n- mac80211: fix rate mask reset (git-fixes).\n- mdio: fix mdio-thunder.c dependency \u0026 build error (git-fixes).\n- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).\n- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).\n- media: mceusb: Fix potential out-of-bounds shift (git-fixes).\n- media: mceusb: sanity check for prescaler value (git-fixes).\n- media: rc: compile rc-cec.c into rc-core (git-fixes).\n- media: usbtv: Fix deadlock on suspend (git-fixes).\n- media: uvcvideo: Allow entities with no pads (git-fixes).\n- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).\n- media: v4l: vsp1: Fix bru null pointer access (git-fixes).\n- media: v4l: vsp1: Fix uif null pointer access (git-fixes).\n- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).\n- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).\n- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).\n- misc/pvpanic: Export module FDT device table (git-fixes).\n- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).\n- mmc: core: Fix partition switch time for eMMC (git-fixes).\n- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).\n- mmc: mxs-mmc: Fix a resource leak in an error handling path in \u0027mxs_mmc_probe()\u0027 (git-fixes).\n- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).\n- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).\n- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).\n- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).\n- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).\n- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).\n- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).\n- netdevsim: init u64 stats for 32bit hardware (git-fixes).\n- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n- net: enic: Cure the enic api locking trainwreck (git-fixes).\n- net: ethernet: aquantia: Fix wrong return value (git-fixes).\n- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).\n- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).\n- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).\n- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).\n- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).\n- net: fec: Fix reference count leak in fec series ops (git-fixes).\n- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).\n- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).\n- net: gianfar: Add of_node_put() before goto statement (git-fixes).\n- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).\n- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).\n- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).\n- net: korina: fix kfree of rx/tx descriptor array (git-fixes).\n- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).\n- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).\n- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).\n- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).\n- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).\n- net: mvneta: fix double free of txq-\u003ebuf (git-fixes).\n- net: mvneta: make tx buffer array agnostic (git-fixes).\n- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).\n- netsec: restore phy power state after controller reset (bsc#1183757).\n- net: spider_net: Fix the size used in a \u0027dma_free_coherent()\u0027 call (git-fixes).\n- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).\n- net: stmmac: removed enabling eee in EEE set callback (git-fixes).\n- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).\n- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).\n- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).\n- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).\n- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).\n- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).\n- nvme-fabrics: fix kato initialization (bsc#1182591).\n- nvme-fabrics: only reserve a single tag (bsc#1182077).\n- nvme-fc: fix racing controller reset and create association (bsc#1183048).\n- nvme-hwmon: Return error code when registration fails (bsc#1177326).\n- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).\n- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).\n- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).\n- objtool: Fix \u0027.cold\u0027 section suffix check for newer versions of GCC (bsc#1169514).\n- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).\n- objtool: Fix retpoline detection in asm code (bsc#1169514).\n- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n- ovl: fix out of date comment and unreachable code (bsc#1184176).\n- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).\n- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).\n- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).\n- ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).\n- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).\n- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).\n- PCI: Align checking of syscall user config accessors (git-fixes).\n- PCI: Decline to resize resources if boot config must be preserved (git-fixes).\n- PCI: Fix pci_register_io_range() memory leak (git-fixes).\n- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).\n- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).\n- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).\n- pinctrl: rockchip: fix restore error in resume (git-fixes).\n- Platform: OLPC: Fix probe error handling (git-fixes).\n- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).\n- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).\n- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).\n- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).\n- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).\n- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).\n- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).\n- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).\n- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).\n- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).\n- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).\n- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n- printk: fix deadlock when kernel panic (bsc#1183018).\n- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).\n- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).\n- qxl: Fix uninitialised struct field head.surface_id (git-fixes).\n- random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)\n- Revert \u0027net: bonding: fix error return code of bond_neigh_init()\u0027 (bsc#1154353).\n- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).\n- rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.\n- rpm/check-for-config-changes: comment on the list To explain what it actually is.\n- rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.\n- rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use \u0027 for quoting * prepend CONFIG_ dynamically, so it need not be in the list\n- rpm/check-for-config-changes: ignore more configs Specifially, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_* * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler specific too. This will allow us to use super configs using kernel\u0027s dummy-tools.\n- rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.\n- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).\n- rsi: Move card interrupt handling to RX thread (git-fixes).\n- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).\n- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).\n- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).\n- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).\n- s390/qeth: fix notification for pending buffers during teardown (git-fixes).\n- s390/qeth: improve completion of pending TX buffers (git-fixes).\n- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).\n- s390/vtime: fix increased steal time accounting (bsc#1183859).\n- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).\n- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).\n- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).\n- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).\n- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).\n- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).\n- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).\n- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).\n- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).\n- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).\n- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).\n- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).\n- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).\n- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).\n- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).\n- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).\n- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).\n- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).\n- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).\n- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).\n- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).\n- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).\n- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).\n- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).\n- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).\n- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).\n- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).\n- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).\n- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).\n- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).\n- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).\n- software node: Fix node registration (git-fixes).\n- spi: stm32: make spurious and overrun interrupts visible (git-fixes).\n- squashfs: fix inode lookup sanity checks (bsc#1183750).\n- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).\n- staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes).\n- staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes).\n- staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes).\n- staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes).\n- staging: comedi: das6402: Fix endian problem for AI command data (git-fixes).\n- staging: comedi: das800: Fix endian problem for AI command data (git-fixes).\n- staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes).\n- staging: comedi: me4000: Fix endian problem for AI command data (git-fixes).\n- staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes).\n- staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes).\n- staging: fwserial: Fix error handling in fwserial_create (git-fixes).\n- staging: gdm724x: Fix DMA from stack (git-fixes).\n- staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes).\n- staging: most: sound: add sanity check for function argument (git-fixes).\n- staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table (git-fixes).\n- staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes).\n- staging: rtl8188eu: prevent -\u003essid overflow in rtw_wx_set_scan() (git-fixes).\n- staging: rtl8192e: Change state information from u16 to u8 (git-fixes).\n- staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes).\n- staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan (git-fixes).\n- staging: rtl8192u: fix -\u003essid overflow in r8192_wx_set_scan() (git-fixes).\n- staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes).\n- staging: rtl8712: unterminated string leads to read overflow (git-fixes).\n- stop_machine: mark helpers __always_inline (git-fixes).\n- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)\n- USB: cdc-acm: fix double free on probe failure (git-fixes).\n- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).\n- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).\n- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).\n- USB: dwc3: gadget: Fix dep-\u003einterval for fullspeed interrupt (git-fixes).\n- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).\n- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).\n- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).\n- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).\n- USB: gadget: f_uac1: stop playback on function disable (git-fixes).\n- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).\n- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).\n- USB: gadget: u_ether: Fix a configfs return code (git-fixes).\n- USBip: Fix incorrect double assignment to udc-\u003eud.tcp_rx (git-fixes).\n- USBip: fix stub_dev to check for stream socket (git-fixes).\n- USBip: fix stub_dev USBip_sockfd_store() races leading to gpf (git-fixes).\n- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).\n- USBip: fix vhci_hcd to check for stream socket (git-fixes).\n- USBip: fix vudc to check for stream socket (git-fixes).\n- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).\n- USBip: tools: fix build error for multiple definition (git-fixes).\n- USB: musb: Fix suspend with devices connected for a64 (git-fixes).\n- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).\n- USB: replace hardcode maximum usb string length by definition (git-fixes).\n- USB: serial: ch341: add new Product ID (git-fixes).\n- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).\n- USB: serial: cp210x: add some more GE USB IDs (git-fixes).\n- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).\n- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).\n- USB-storage: Add quirk to defeat Kindle\u0027s automatic unload (git-fixes).\n- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).\n- USB: usblp: fix a hang in poll() if disconnected (git-fixes).\n- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).\n- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).\n- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).\n- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).\n- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)\n- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).\n- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).\n- vt/consolemap: do font sum unsigned (git-fixes).\n- watchdog: mei_wdt: request stop on unregister (git-fixes).\n- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).\n- wireguard: kconfig: use arm chacha even with no neon (git-fixes).\n- wireguard: selftests: test multiple parallel streams (git-fixes).\n- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).\n- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).\n- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).\n- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).\n- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).\n- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).\n- xen-netback: respect gnttab_map_refs()\u0027s return value (bsc#1183022 XSA-367).\n- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).\n- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).\n- xhci: Improve detection of device initiated wake signal (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-532",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0532-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0532-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZC652CKFCHQCNNU7MZKBTO27OZE22Q5U/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0532-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZC652CKFCHQCNNU7MZKBTO27OZE22Q5U/"
},
{
"category": "self",
"summary": "SUSE Bug 1152472",
"url": "https://bugzilla.suse.com/1152472"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1153274",
"url": "https://bugzilla.suse.com/1153274"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1155518",
"url": "https://bugzilla.suse.com/1155518"
},
{
"category": "self",
"summary": "SUSE Bug 1156256",
"url": "https://bugzilla.suse.com/1156256"
},
{
"category": "self",
"summary": "SUSE Bug 1159280",
"url": "https://bugzilla.suse.com/1159280"
},
{
"category": "self",
"summary": "SUSE Bug 1160634",
"url": "https://bugzilla.suse.com/1160634"
},
{
"category": "self",
"summary": "SUSE Bug 1167773",
"url": "https://bugzilla.suse.com/1167773"
},
{
"category": "self",
"summary": "SUSE Bug 1168777",
"url": "https://bugzilla.suse.com/1168777"
},
{
"category": "self",
"summary": "SUSE Bug 1169514",
"url": "https://bugzilla.suse.com/1169514"
},
{
"category": "self",
"summary": "SUSE Bug 1169709",
"url": "https://bugzilla.suse.com/1169709"
},
{
"category": "self",
"summary": "SUSE Bug 1171295",
"url": "https://bugzilla.suse.com/1171295"
},
{
"category": "self",
"summary": "SUSE Bug 1173485",
"url": "https://bugzilla.suse.com/1173485"
},
{
"category": "self",
"summary": "SUSE Bug 1177326",
"url": "https://bugzilla.suse.com/1177326"
},
{
"category": "self",
"summary": "SUSE Bug 1178163",
"url": "https://bugzilla.suse.com/1178163"
},
{
"category": "self",
"summary": "SUSE Bug 1178330",
"url": "https://bugzilla.suse.com/1178330"
},
{
"category": "self",
"summary": "SUSE Bug 1179454",
"url": "https://bugzilla.suse.com/1179454"
},
{
"category": "self",
"summary": "SUSE Bug 1180197",
"url": "https://bugzilla.suse.com/1180197"
},
{
"category": "self",
"summary": "SUSE Bug 1180980",
"url": "https://bugzilla.suse.com/1180980"
},
{
"category": "self",
"summary": "SUSE Bug 1181383",
"url": "https://bugzilla.suse.com/1181383"
},
{
"category": "self",
"summary": "SUSE Bug 1181674",
"url": "https://bugzilla.suse.com/1181674"
},
{
"category": "self",
"summary": "SUSE Bug 1181862",
"url": "https://bugzilla.suse.com/1181862"
},
{
"category": "self",
"summary": "SUSE Bug 1182011",
"url": "https://bugzilla.suse.com/1182011"
},
{
"category": "self",
"summary": "SUSE Bug 1182077",
"url": "https://bugzilla.suse.com/1182077"
},
{
"category": "self",
"summary": "SUSE Bug 1182485",
"url": "https://bugzilla.suse.com/1182485"
},
{
"category": "self",
"summary": "SUSE Bug 1182552",
"url": "https://bugzilla.suse.com/1182552"
},
{
"category": "self",
"summary": "SUSE Bug 1182574",
"url": "https://bugzilla.suse.com/1182574"
},
{
"category": "self",
"summary": "SUSE Bug 1182591",
"url": "https://bugzilla.suse.com/1182591"
},
{
"category": "self",
"summary": "SUSE Bug 1182595",
"url": "https://bugzilla.suse.com/1182595"
},
{
"category": "self",
"summary": "SUSE Bug 1182715",
"url": "https://bugzilla.suse.com/1182715"
},
{
"category": "self",
"summary": "SUSE Bug 1182716",
"url": "https://bugzilla.suse.com/1182716"
},
{
"category": "self",
"summary": "SUSE Bug 1182717",
"url": "https://bugzilla.suse.com/1182717"
},
{
"category": "self",
"summary": "SUSE Bug 1182770",
"url": "https://bugzilla.suse.com/1182770"
},
{
"category": "self",
"summary": "SUSE Bug 1182989",
"url": "https://bugzilla.suse.com/1182989"
},
{
"category": "self",
"summary": "SUSE Bug 1183015",
"url": "https://bugzilla.suse.com/1183015"
},
{
"category": "self",
"summary": "SUSE Bug 1183018",
"url": "https://bugzilla.suse.com/1183018"
},
{
"category": "self",
"summary": "SUSE Bug 1183022",
"url": "https://bugzilla.suse.com/1183022"
},
{
"category": "self",
"summary": "SUSE Bug 1183023",
"url": "https://bugzilla.suse.com/1183023"
},
{
"category": "self",
"summary": "SUSE Bug 1183048",
"url": "https://bugzilla.suse.com/1183048"
},
{
"category": "self",
"summary": "SUSE Bug 1183252",
"url": "https://bugzilla.suse.com/1183252"
},
{
"category": "self",
"summary": "SUSE Bug 1183277",
"url": "https://bugzilla.suse.com/1183277"
},
{
"category": "self",
"summary": "SUSE Bug 1183278",
"url": "https://bugzilla.suse.com/1183278"
},
{
"category": "self",
"summary": "SUSE Bug 1183279",
"url": "https://bugzilla.suse.com/1183279"
},
{
"category": "self",
"summary": "SUSE Bug 1183280",
"url": "https://bugzilla.suse.com/1183280"
},
{
"category": "self",
"summary": "SUSE Bug 1183281",
"url": "https://bugzilla.suse.com/1183281"
},
{
"category": "self",
"summary": "SUSE Bug 1183282",
"url": "https://bugzilla.suse.com/1183282"
},
{
"category": "self",
"summary": "SUSE Bug 1183283",
"url": "https://bugzilla.suse.com/1183283"
},
{
"category": "self",
"summary": "SUSE Bug 1183284",
"url": "https://bugzilla.suse.com/1183284"
},
{
"category": "self",
"summary": "SUSE Bug 1183285",
"url": "https://bugzilla.suse.com/1183285"
},
{
"category": "self",
"summary": "SUSE Bug 1183286",
"url": "https://bugzilla.suse.com/1183286"
},
{
"category": "self",
"summary": "SUSE Bug 1183287",
"url": "https://bugzilla.suse.com/1183287"
},
{
"category": "self",
"summary": "SUSE Bug 1183288",
"url": "https://bugzilla.suse.com/1183288"
},
{
"category": "self",
"summary": "SUSE Bug 1183366",
"url": "https://bugzilla.suse.com/1183366"
},
{
"category": "self",
"summary": "SUSE Bug 1183369",
"url": "https://bugzilla.suse.com/1183369"
},
{
"category": "self",
"summary": "SUSE Bug 1183386",
"url": "https://bugzilla.suse.com/1183386"
},
{
"category": "self",
"summary": "SUSE Bug 1183412",
"url": "https://bugzilla.suse.com/1183412"
},
{
"category": "self",
"summary": "SUSE Bug 1183416",
"url": "https://bugzilla.suse.com/1183416"
},
{
"category": "self",
"summary": "SUSE Bug 1183427",
"url": "https://bugzilla.suse.com/1183427"
},
{
"category": "self",
"summary": "SUSE Bug 1183428",
"url": "https://bugzilla.suse.com/1183428"
},
{
"category": "self",
"summary": "SUSE Bug 1183445",
"url": "https://bugzilla.suse.com/1183445"
},
{
"category": "self",
"summary": "SUSE Bug 1183447",
"url": "https://bugzilla.suse.com/1183447"
},
{
"category": "self",
"summary": "SUSE Bug 1183501",
"url": "https://bugzilla.suse.com/1183501"
},
{
"category": "self",
"summary": "SUSE Bug 1183509",
"url": "https://bugzilla.suse.com/1183509"
},
{
"category": "self",
"summary": "SUSE Bug 1183530",
"url": "https://bugzilla.suse.com/1183530"
},
{
"category": "self",
"summary": "SUSE Bug 1183534",
"url": "https://bugzilla.suse.com/1183534"
},
{
"category": "self",
"summary": "SUSE Bug 1183540",
"url": "https://bugzilla.suse.com/1183540"
},
{
"category": "self",
"summary": "SUSE Bug 1183593",
"url": "https://bugzilla.suse.com/1183593"
},
{
"category": "self",
"summary": "SUSE Bug 1183596",
"url": "https://bugzilla.suse.com/1183596"
},
{
"category": "self",
"summary": "SUSE Bug 1183598",
"url": "https://bugzilla.suse.com/1183598"
},
{
"category": "self",
"summary": "SUSE Bug 1183637",
"url": "https://bugzilla.suse.com/1183637"
},
{
"category": "self",
"summary": "SUSE Bug 1183646",
"url": "https://bugzilla.suse.com/1183646"
},
{
"category": "self",
"summary": "SUSE Bug 1183662",
"url": "https://bugzilla.suse.com/1183662"
},
{
"category": "self",
"summary": "SUSE Bug 1183686",
"url": "https://bugzilla.suse.com/1183686"
},
{
"category": "self",
"summary": "SUSE Bug 1183692",
"url": "https://bugzilla.suse.com/1183692"
},
{
"category": "self",
"summary": "SUSE Bug 1183696",
"url": "https://bugzilla.suse.com/1183696"
},
{
"category": "self",
"summary": "SUSE Bug 1183750",
"url": "https://bugzilla.suse.com/1183750"
},
{
"category": "self",
"summary": "SUSE Bug 1183757",
"url": "https://bugzilla.suse.com/1183757"
},
{
"category": "self",
"summary": "SUSE Bug 1183775",
"url": "https://bugzilla.suse.com/1183775"
},
{
"category": "self",
"summary": "SUSE Bug 1183843",
"url": "https://bugzilla.suse.com/1183843"
},
{
"category": "self",
"summary": "SUSE Bug 1183859",
"url": "https://bugzilla.suse.com/1183859"
},
{
"category": "self",
"summary": "SUSE Bug 1183871",
"url": "https://bugzilla.suse.com/1183871"
},
{
"category": "self",
"summary": "SUSE Bug 1184167",
"url": "https://bugzilla.suse.com/1184167"
},
{
"category": "self",
"summary": "SUSE Bug 1184168",
"url": "https://bugzilla.suse.com/1184168"
},
{
"category": "self",
"summary": "SUSE Bug 1184170",
"url": "https://bugzilla.suse.com/1184170"
},
{
"category": "self",
"summary": "SUSE Bug 1184176",
"url": "https://bugzilla.suse.com/1184176"
},
{
"category": "self",
"summary": "SUSE Bug 1184192",
"url": "https://bugzilla.suse.com/1184192"
},
{
"category": "self",
"summary": "SUSE Bug 1184193",
"url": "https://bugzilla.suse.com/1184193"
},
{
"category": "self",
"summary": "SUSE Bug 1184196",
"url": "https://bugzilla.suse.com/1184196"
},
{
"category": "self",
"summary": "SUSE Bug 1184198",
"url": "https://bugzilla.suse.com/1184198"
},
{
"category": "self",
"summary": "SUSE Bug 1184217",
"url": "https://bugzilla.suse.com/1184217"
},
{
"category": "self",
"summary": "SUSE Bug 1184218",
"url": "https://bugzilla.suse.com/1184218"
},
{
"category": "self",
"summary": "SUSE Bug 1184219",
"url": "https://bugzilla.suse.com/1184219"
},
{
"category": "self",
"summary": "SUSE Bug 1184220",
"url": "https://bugzilla.suse.com/1184220"
},
{
"category": "self",
"summary": "SUSE Bug 1184224",
"url": "https://bugzilla.suse.com/1184224"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18814 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19769 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19769/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27170 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27171 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27171/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27815 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35519 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35519/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27363 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27364 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27365 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28038 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28375 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28660 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28688 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28964 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28971 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28972 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29264 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29265 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29647 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3428 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3444 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3444/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2021-04-10T06:14:38Z",
"generator": {
"date": "2021-04-10T06:14:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0532-1",
"initial_release_date": "2021-04-10T06:14:38Z",
"revision_history": [
{
"date": "2021-04-10T06:14:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.3.18-lp152.69.1.noarch",
"product": {
"name": "kernel-devel-5.3.18-lp152.69.1.noarch",
"product_id": "kernel-devel-5.3.18-lp152.69.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-5.3.18-lp152.69.1.noarch",
"product": {
"name": "kernel-docs-5.3.18-lp152.69.1.noarch",
"product_id": "kernel-docs-5.3.18-lp152.69.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-5.3.18-lp152.69.1.noarch",
"product": {
"name": "kernel-docs-html-5.3.18-lp152.69.1.noarch",
"product_id": "kernel-docs-html-5.3.18-lp152.69.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.3.18-lp152.69.1.noarch",
"product": {
"name": "kernel-macros-5.3.18-lp152.69.1.noarch",
"product_id": "kernel-macros-5.3.18-lp152.69.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-5.3.18-lp152.69.1.noarch",
"product": {
"name": "kernel-source-5.3.18-lp152.69.1.noarch",
"product_id": "kernel-source-5.3.18-lp152.69.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"product": {
"name": "kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"product_id": "kernel-source-vanilla-5.3.18-lp152.69.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-debug-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-debug-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-debug-devel-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-default-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-default-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"product": {
"name": "kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"product_id": "kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"product": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"product_id": "kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-default-devel-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-kvmsmall-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-obs-build-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-obs-qa-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-preempt-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-preempt-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-preempt-devel-5.3.18-lp152.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-5.3.18-lp152.69.1.x86_64",
"product": {
"name": "kernel-syms-5.3.18-lp152.69.1.x86_64",
"product_id": "kernel-syms-5.3.18-lp152.69.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-debug-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-default-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64"
},
"product_reference": "kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64"
},
"product_reference": "kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.3.18-lp152.69.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch"
},
"product_reference": "kernel-devel-5.3.18-lp152.69.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-5.3.18-lp152.69.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch"
},
"product_reference": "kernel-docs-5.3.18-lp152.69.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-5.3.18-lp152.69.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch"
},
"product_reference": "kernel-docs-html-5.3.18-lp152.69.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.3.18-lp152.69.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch"
},
"product_reference": "kernel-macros-5.3.18-lp152.69.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-preempt-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-devel-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.3.18-lp152.69.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch"
},
"product_reference": "kernel-source-5.3.18-lp152.69.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.3.18-lp152.69.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch"
},
"product_reference": "kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-5.3.18-lp152.69.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
},
"product_reference": "kernel-syms-5.3.18-lp152.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18814"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18814",
"url": "https://www.suse.com/security/cve/CVE-2019-18814"
},
{
"category": "external",
"summary": "SUSE Bug 1156256 for CVE-2019-18814",
"url": "https://bugzilla.suse.com/1156256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-18814"
},
{
"cve": "CVE-2019-19769",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19769"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19769",
"url": "https://www.suse.com/security/cve/CVE-2019-19769"
},
{
"category": "external",
"summary": "SUSE Bug 1159280 for CVE-2019-19769",
"url": "https://bugzilla.suse.com/1159280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-19769"
},
{
"cve": "CVE-2020-27170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27170"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27170",
"url": "https://www.suse.com/security/cve/CVE-2020-27170"
},
{
"category": "external",
"summary": "SUSE Bug 1183686 for CVE-2020-27170",
"url": "https://bugzilla.suse.com/1183686"
},
{
"category": "external",
"summary": "SUSE Bug 1183775 for CVE-2020-27170",
"url": "https://bugzilla.suse.com/1183775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2020-27170"
},
{
"cve": "CVE-2020-27171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27171"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27171",
"url": "https://www.suse.com/security/cve/CVE-2020-27171"
},
{
"category": "external",
"summary": "SUSE Bug 1183686 for CVE-2020-27171",
"url": "https://bugzilla.suse.com/1183686"
},
{
"category": "external",
"summary": "SUSE Bug 1183775 for CVE-2020-27171",
"url": "https://bugzilla.suse.com/1183775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2020-27171"
},
{
"cve": "CVE-2020-27815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27815"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27815",
"url": "https://www.suse.com/security/cve/CVE-2020-27815"
},
{
"category": "external",
"summary": "SUSE Bug 1179454 for CVE-2020-27815",
"url": "https://bugzilla.suse.com/1179454"
},
{
"category": "external",
"summary": "SUSE Bug 1179458 for CVE-2020-27815",
"url": "https://bugzilla.suse.com/1179458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "important"
}
],
"title": "CVE-2020-27815"
},
{
"cve": "CVE-2020-35519",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35519"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35519",
"url": "https://www.suse.com/security/cve/CVE-2020-35519"
},
{
"category": "external",
"summary": "SUSE Bug 1183696 for CVE-2020-35519",
"url": "https://bugzilla.suse.com/1183696"
},
{
"category": "external",
"summary": "SUSE Bug 1184953 for CVE-2020-35519",
"url": "https://bugzilla.suse.com/1184953"
},
{
"category": "external",
"summary": "SUSE Bug 1211495 for CVE-2020-35519",
"url": "https://bugzilla.suse.com/1211495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "important"
}
],
"title": "CVE-2020-35519"
},
{
"cve": "CVE-2021-27363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27363"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport\u0027s handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module\u0027s global variables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27363",
"url": "https://www.suse.com/security/cve/CVE-2021-27363"
},
{
"category": "external",
"summary": "SUSE Bug 1182716 for CVE-2021-27363",
"url": "https://bugzilla.suse.com/1182716"
},
{
"category": "external",
"summary": "SUSE Bug 1182717 for CVE-2021-27363",
"url": "https://bugzilla.suse.com/1182717"
},
{
"category": "external",
"summary": "SUSE Bug 1183120 for CVE-2021-27363",
"url": "https://bugzilla.suse.com/1183120"
},
{
"category": "external",
"summary": "SUSE Bug 1200084 for CVE-2021-27363",
"url": "https://bugzilla.suse.com/1200084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "important"
}
],
"title": "CVE-2021-27363"
},
{
"cve": "CVE-2021-27364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27364"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27364",
"url": "https://www.suse.com/security/cve/CVE-2021-27364"
},
{
"category": "external",
"summary": "SUSE Bug 1182715 for CVE-2021-27364",
"url": "https://bugzilla.suse.com/1182715"
},
{
"category": "external",
"summary": "SUSE Bug 1182716 for CVE-2021-27364",
"url": "https://bugzilla.suse.com/1182716"
},
{
"category": "external",
"summary": "SUSE Bug 1182717 for CVE-2021-27364",
"url": "https://bugzilla.suse.com/1182717"
},
{
"category": "external",
"summary": "SUSE Bug 1200084 for CVE-2021-27364",
"url": "https://bugzilla.suse.com/1200084"
},
{
"category": "external",
"summary": "SUSE Bug 1214268 for CVE-2021-27364",
"url": "https://bugzilla.suse.com/1214268"
},
{
"category": "external",
"summary": "SUSE Bug 1218966 for CVE-2021-27364",
"url": "https://bugzilla.suse.com/1218966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "important"
}
],
"title": "CVE-2021-27364"
},
{
"cve": "CVE-2021-27365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27365"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27365",
"url": "https://www.suse.com/security/cve/CVE-2021-27365"
},
{
"category": "external",
"summary": "SUSE Bug 1182712 for CVE-2021-27365",
"url": "https://bugzilla.suse.com/1182712"
},
{
"category": "external",
"summary": "SUSE Bug 1182715 for CVE-2021-27365",
"url": "https://bugzilla.suse.com/1182715"
},
{
"category": "external",
"summary": "SUSE Bug 1183491 for CVE-2021-27365",
"url": "https://bugzilla.suse.com/1183491"
},
{
"category": "external",
"summary": "SUSE Bug 1200084 for CVE-2021-27365",
"url": "https://bugzilla.suse.com/1200084"
},
{
"category": "external",
"summary": "SUSE Bug 1214268 for CVE-2021-27365",
"url": "https://bugzilla.suse.com/1214268"
},
{
"category": "external",
"summary": "SUSE Bug 1218966 for CVE-2021-27365",
"url": "https://bugzilla.suse.com/1218966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "important"
}
],
"title": "CVE-2021-27365"
},
{
"cve": "CVE-2021-28038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28038"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28038",
"url": "https://www.suse.com/security/cve/CVE-2021-28038"
},
{
"category": "external",
"summary": "SUSE Bug 1183022 for CVE-2021-28038",
"url": "https://bugzilla.suse.com/1183022"
},
{
"category": "external",
"summary": "SUSE Bug 1183069 for CVE-2021-28038",
"url": "https://bugzilla.suse.com/1183069"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-28038"
},
{
"cve": "CVE-2021-28375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28375"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28375",
"url": "https://www.suse.com/security/cve/CVE-2021-28375"
},
{
"category": "external",
"summary": "SUSE Bug 1183596 for CVE-2021-28375",
"url": "https://bugzilla.suse.com/1183596"
},
{
"category": "external",
"summary": "SUSE Bug 1184955 for CVE-2021-28375",
"url": "https://bugzilla.suse.com/1184955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "important"
}
],
"title": "CVE-2021-28375"
},
{
"cve": "CVE-2021-28660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28660"
}
],
"notes": [
{
"category": "general",
"text": "rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -\u003essid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28660",
"url": "https://www.suse.com/security/cve/CVE-2021-28660"
},
{
"category": "external",
"summary": "SUSE Bug 1183593 for CVE-2021-28660",
"url": "https://bugzilla.suse.com/1183593"
},
{
"category": "external",
"summary": "SUSE Bug 1183658 for CVE-2021-28660",
"url": "https://bugzilla.suse.com/1183658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "important"
}
],
"title": "CVE-2021-28660"
},
{
"cve": "CVE-2021-28688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28688"
}
],
"notes": [
{
"category": "general",
"text": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn\u0027t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28688",
"url": "https://www.suse.com/security/cve/CVE-2021-28688"
},
{
"category": "external",
"summary": "SUSE Bug 1183646 for CVE-2021-28688",
"url": "https://bugzilla.suse.com/1183646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-28688"
},
{
"cve": "CVE-2021-28964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28964"
}
],
"notes": [
{
"category": "general",
"text": "A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28964",
"url": "https://www.suse.com/security/cve/CVE-2021-28964"
},
{
"category": "external",
"summary": "SUSE Bug 1184193 for CVE-2021-28964",
"url": "https://bugzilla.suse.com/1184193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-28964"
},
{
"cve": "CVE-2021-28971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28971"
}
],
"notes": [
{
"category": "general",
"text": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28971",
"url": "https://www.suse.com/security/cve/CVE-2021-28971"
},
{
"category": "external",
"summary": "SUSE Bug 1184196 for CVE-2021-28971",
"url": "https://bugzilla.suse.com/1184196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-28971"
},
{
"cve": "CVE-2021-28972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28972"
}
],
"notes": [
{
"category": "general",
"text": "In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name \u0027\\0\u0027 termination, aka CID-cc7a0bb058b8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28972",
"url": "https://www.suse.com/security/cve/CVE-2021-28972"
},
{
"category": "external",
"summary": "SUSE Bug 1184198 for CVE-2021-28972",
"url": "https://bugzilla.suse.com/1184198"
},
{
"category": "external",
"summary": "SUSE Bug 1220060 for CVE-2021-28972",
"url": "https://bugzilla.suse.com/1220060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-28972"
},
{
"cve": "CVE-2021-29264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29264"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29264",
"url": "https://www.suse.com/security/cve/CVE-2021-29264"
},
{
"category": "external",
"summary": "SUSE Bug 1184168 for CVE-2021-29264",
"url": "https://bugzilla.suse.com/1184168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-29264"
},
{
"cve": "CVE-2021-29265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29265"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29265",
"url": "https://www.suse.com/security/cve/CVE-2021-29265"
},
{
"category": "external",
"summary": "SUSE Bug 1184167 for CVE-2021-29265",
"url": "https://bugzilla.suse.com/1184167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-29265"
},
{
"cve": "CVE-2021-29647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29647"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29647",
"url": "https://www.suse.com/security/cve/CVE-2021-29647"
},
{
"category": "external",
"summary": "SUSE Bug 1184192 for CVE-2021-29647",
"url": "https://bugzilla.suse.com/1184192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-29647"
},
{
"cve": "CVE-2021-3428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3428"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3428",
"url": "https://www.suse.com/security/cve/CVE-2021-3428"
},
{
"category": "external",
"summary": "SUSE Bug 1173485 for CVE-2021-3428",
"url": "https://bugzilla.suse.com/1173485"
},
{
"category": "external",
"summary": "SUSE Bug 1183509 for CVE-2021-3428",
"url": "https://bugzilla.suse.com/1183509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-3428"
},
{
"cve": "CVE-2021-3444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3444"
}
],
"notes": [
{
"category": "general",
"text": "The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (\"bpf: Fix truncation handling for mod32 dst reg wrt zero\") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3444",
"url": "https://www.suse.com/security/cve/CVE-2021-3444"
},
{
"category": "external",
"summary": "SUSE Bug 1184170 for CVE-2021-3444",
"url": "https://bugzilla.suse.com/1184170"
},
{
"category": "external",
"summary": "SUSE Bug 1184171 for CVE-2021-3444",
"url": "https://bugzilla.suse.com/1184171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.69.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.69.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-10T06:14:38Z",
"details": "important"
}
],
"title": "CVE-2021-3444"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…