Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-29649 (GCVE-0-2021-29649)
Vulnerability from cvelistv5 – Published: 2021-03-30 20:36 – Updated: 2024-08-03 22:11
VLAI?
EPSS
Summary
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T03:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29649",
"datePublished": "2021-03-30T20:36:03.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:06.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-29649\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-03-30T21:15:14.343\",\"lastModified\":\"2024-11-21T06:01:34.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El controlador de modo de usuario (UMD) tiene una fuga de memoria copy_process(), relacionada con una falta de pasos de limpieza en kernel/usermode_driver.c y kernel/bpf/preload/bpf_preload_kern.c, tambi\u00e9n conocido como CID-f60a85cad677.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.11.11\",\"matchCriteriaId\":\"2375C9CB-E013-429D-9E0A-FBC249C5E180\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CNVD-2021-25961
Vulnerability from cnvd - Published: 2021-04-08
VLAI Severity ?
Title
Linux kernel内存泄漏漏洞(CNVD-2021-25961)
Description
Linux kernel是一种计算机操作系统内核,以C语言和汇编语言写成,符合POSIX标准,按GNU通用公共许可证发行。
Linux kernel 5.11.11之前版本的用户模式驱动程序(UMD)存在copy_process()内存泄漏漏洞。该漏洞源于kernel/usermode_driver.c和kernel/bpf/preload/bpf_preload_kern.c缺少清除步骤。目前没有详细的漏洞细节提供。
Severity
中
Patch Name
Linux kernel内存泄漏漏洞(CNVD-2021-25961)的补丁
Patch Description
Linux kernel是一种计算机操作系统内核,以C语言和汇编语言写成,符合POSIX标准,按GNU通用公共许可证发行。
Linux kernel 5.11.11之前版本的用户模式驱动程序(UMD)存在copy_process()内存泄漏漏洞。该漏洞源于kernel/usermode_driver.c和kernel/bpf/preload/bpf_preload_kern.c缺少清除步骤。目前没有详细的漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-29649
Impacted products
| Name | Linux Linux kernel <5.11.11 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-29649",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-29649"
}
},
"description": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\n\nLinux kernel 5.11.11\u4e4b\u524d\u7248\u672c\u7684\u7528\u6237\u6a21\u5f0f\u9a71\u52a8\u7a0b\u5e8f(UMD)\u5b58\u5728copy_process()\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8ekernel/usermode_driver.c\u548ckernel/bpf/preload/bpf_preload_kern.c\u7f3a\u5c11\u6e05\u9664\u6b65\u9aa4\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-25961",
"openTime": "2021-04-08",
"patchDescription": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\r\n\r\nLinux kernel 5.11.11\u4e4b\u524d\u7248\u672c\u7684\u7528\u6237\u6a21\u5f0f\u9a71\u52a8\u7a0b\u5e8f(UMD)\u5b58\u5728copy_process()\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8ekernel/usermode_driver.c\u548ckernel/bpf/preload/bpf_preload_kern.c\u7f3a\u5c11\u6e05\u9664\u6b65\u9aa4\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\uff08CNVD-2021-25961\uff09\u7684\u8865\u4e01",
"products": {
"product": "Linux Linux kernel \u003c5.11.11"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-29649",
"serverity": "\u4e2d",
"submitTime": "2021-03-31",
"title": "Linux kernel\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\uff08CNVD-2021-25961\uff09"
}
MSRC_CVE-2021-29649
Vulnerability from csaf_microsoft - Published: 2021-03-02 00:00 - Updated: 2023-03-10 00:00Summary
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c aka CID-f60a85cad677.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.5 (Medium)
Vendor Fix
-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
Vendor Fix
5.10.78.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29649 An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c aka CID-f60a85cad677. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-29649.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c aka CID-f60a85cad677.",
"tracking": {
"current_release_date": "2023-03-10T00:00:00.000Z",
"generator": {
"date": "2025-12-27T19:04:30.569Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-29649",
"initial_release_date": "2021-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-04-06T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2021-12-16T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added kernel to CBL-Mariner 2.0"
},
{
"date": "2023-03-10T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 kernel 5.10.60.1-1",
"product": {
"name": "\u003ccm1 kernel 5.10.60.1-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 kernel 5.10.60.1-1",
"product": {
"name": "cm1 kernel 5.10.60.1-1",
"product_id": "16919"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 kernel 5.10.78.1-1",
"product": {
"name": "\u003ccbl2 kernel 5.10.78.1-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 kernel 5.10.78.1-1",
"product": {
"name": "cbl2 kernel 5.10.78.1-1",
"product_id": "16920"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 kernel 5.10.60.1-1 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 kernel 5.10.60.1-1 as a component of CBL Mariner 1.0",
"product_id": "16919-16820"
},
"product_reference": "16919",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kernel 5.10.78.1-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kernel 5.10.78.1-1 as a component of CBL Mariner 2.0",
"product_id": "16920-17086"
},
"product_reference": "16920",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29649",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16919-16820",
"16920-17086"
],
"known_affected": [
"16820-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29649 An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c aka CID-f60a85cad677. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-29649.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-04-06T00:00:00.000Z",
"details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2021-04-06T00:00:00.000Z",
"details": "5.10.78.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-2",
"17086-1"
]
}
],
"title": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c aka CID-f60a85cad677."
}
]
}
GHSA-VQFM-GGP3-M2H4
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI?
Details
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
{
"affected": [],
"aliases": [
"CVE-2021-29649"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.",
"id": "GHSA-vqfm-ggp3-m2h4",
"modified": "2022-05-24T17:45:54Z",
"published": "2022-05-24T17:45:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29649"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2021-AVI-372
Vulnerability from certfr_avis - Published: 2021-05-14 - Updated: 2021-05-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 21.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-29264",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29264"
},
{
"name": "CVE-2021-26931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26931"
},
{
"name": "CVE-2020-25672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25672"
},
{
"name": "CVE-2021-29657",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29657"
},
{
"name": "CVE-2021-30002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30002"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2021-3483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3483"
},
{
"name": "CVE-2021-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26930"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2021-29649",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29649"
},
{
"name": "CVE-2021-3490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3490"
},
{
"name": "CVE-2021-29647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"name": "CVE-2020-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25639"
},
{
"name": "CVE-2021-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28971"
},
{
"name": "CVE-2020-35519",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35519"
},
{
"name": "CVE-2021-28952",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28952"
},
{
"name": "CVE-2021-3493",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3493"
},
{
"name": "CVE-2021-29265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29265"
},
{
"name": "CVE-2021-28038",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28038"
},
{
"name": "CVE-2021-29266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29266"
},
{
"name": "CVE-2020-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25671"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-28951",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28951"
},
{
"name": "CVE-2021-28688",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28688"
},
{
"name": "CVE-2021-3489",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3489"
},
{
"name": "CVE-2020-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25670"
},
{
"name": "CVE-2021-28972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28972"
},
{
"name": "CVE-2021-20292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20292"
},
{
"name": "CVE-2021-28660",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28660"
},
{
"name": "CVE-2021-3491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3491"
},
{
"name": "CVE-2021-28964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28964"
},
{
"name": "CVE-2021-28375",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28375"
},
{
"name": "CVE-2021-29646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29646"
}
],
"initial_release_date": "2021-05-14T00:00:00",
"last_revision_date": "2021-05-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-372",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4947-1 du 11 mai 2021",
"url": "https://ubuntu.com/security/notices/USN-4947-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4946-1 du 11 mai 2021",
"url": "https://ubuntu.com/security/notices/USN-4946-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4950-1 du 11 mai 2021",
"url": "https://ubuntu.com/security/notices/USN-4950-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4945-1 du 11 mai 2021",
"url": "https://ubuntu.com/security/notices/USN-4945-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4948-1 du 11 mai 2021",
"url": "https://ubuntu.com/security/notices/USN-4948-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4949-1 du 11 mai 2021",
"url": "https://ubuntu.com/security/notices/USN-4949-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0076-1 du 11 mai 2021",
"url": "https://ubuntu.com/security/notices/LSN-0076-1"
}
]
}
WID-SEC-W-2022-1415
Vulnerability from csaf_certbund - Published: 2021-03-30 22:00 - Updated: 2023-06-27 22:00Summary
Linux Kernel: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen und um einen Denial of Service Zustand auszulösen.
Betroffene Betriebssysteme: - UNIX
- Linux
Es existiert eine Schwachstelle im Linux Kernel. Der Fehler besteht aufgrund einer unsachgemäßen Validierung im "tipc_nl_retrieve_key" in der Datei "net/tipc/node.c". Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.
Im Linux Kernel existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Dateien "net/qrtr/qrtr.c" und "kernel/usermode_driver.c" aufgrund einer nicht initialisierten Datenstruktur und eines copy_process()-Speicherlecks. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.
Im Linux Kernel existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Dateien "net/qrtr/qrtr.c" und "kernel/usermode_driver.c" aufgrund einer nicht initialisierten Datenstruktur und eines copy_process()-Speicherlecks. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.
Im Linux Kernel existieren mehrere Schwachstellen. Sie bestehen, weil die "resolved_ids" und "resolved_sizes" im "vmlinux BPF Type Format" absichtlich nicht initialisiert sind und dem Netfilter-Subsystemen "net/netfilter/x_tables.c" und "include/linux/netfilter/x_tables.h" eine vollständige Speichersperre fehlt. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um eine Denial-of-Service-Bedingung auszulösen.
Im Linux Kernel existieren mehrere Schwachstellen. Sie bestehen, weil die "resolved_ids" und "resolved_sizes" im "vmlinux BPF Type Format" absichtlich nicht initialisiert sind und dem Netfilter-Subsystemen "net/netfilter/x_tables.c" und "include/linux/netfilter/x_tables.h" eine vollständige Speichersperre fehlt. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um eine Denial-of-Service-Bedingung auszulösen.
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen und um einen Denial of Service Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1415 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1415.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1415 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1415"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2651-1 vom 2023-06-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015326.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2611-1 vom 2023-06-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015266.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9220 vom 2021-05-10",
"url": "https://linux.oracle.com/errata/ELSA-2021-9220.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9221 vom 2021-05-10",
"url": "https://linux.oracle.com/errata/ELSA-2021-9221.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4979-1 vom 2021-06-03",
"url": "https://ubuntu.com/security/notices/USN-4979-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4982-1 vom 2021-06-03",
"url": "https://ubuntu.com/security/notices/USN-4982-1"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2021-0016 vom 2021-06-03",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2021-June/001013.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9223 vom 2021-05-10",
"url": "https://linux.oracle.com/errata/ELSA-2021-9223.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9222 vom 2021-05-10",
"url": "https://linux.oracle.com/errata/ELSA-2021-9222.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4947-1 vom 2021-05-12",
"url": "https://ubuntu.com/security/notices/USN-4947-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4948-1 vom 2021-05-12",
"url": "https://ubuntu.com/security/notices/USN-4948-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4946-1 vom 2021-05-12",
"url": "https://ubuntu.com/security/notices/USN-4946-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4949-1 vom 2021-05-12",
"url": "https://ubuntu.com/security/notices/USN-4949-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4945-1 vom 2021-05-12",
"url": "https://ubuntu.com/security/notices/USN-4945-1"
},
{
"category": "external",
"summary": "Linux Kernel Change Log vom 2021-03-30",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"category": "external",
"summary": "National Vulnerability Database vom 2021-03-30",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29646"
},
{
"category": "external",
"summary": "National Vulnerability Database vom 2021-03-30",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29647"
},
{
"category": "external",
"summary": "National Vulnerability Database vom 2021-03-30",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29648"
},
{
"category": "external",
"summary": "National Vulnerability Database vom 2021-03-30",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29649"
},
{
"category": "external",
"summary": "National Vulnerability Database vom 2021-03-30",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29650"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1573-1 vom 2021-05-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008764.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1596-1 vom 2021-05-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008770.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1572-1 vom 2021-05-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008763.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1595-1 vom 2021-05-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008769.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:14724-1 vom 2021-05-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008759.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1571-1 vom 2021-05-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008760.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1574-1 vom 2021-05-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008767.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4984-1 vom 2021-06-04",
"url": "https://ubuntu.com/security/notices/USN-4984-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1605-1 vom 2021-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008775.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1915-1 vom 2021-06-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008971.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1175-1 vom 2021-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008625.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1176-1 vom 2021-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008627.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1177-1 vom 2021-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008624.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1622-1 vom 2021-05-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008778.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1617-1 vom 2021-05-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008777.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1624-1 vom 2021-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008781.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1625-1 vom 2021-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008782.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1623-1 vom 2021-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008780.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1211-1 vom 2021-04-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008642.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1210-1 vom 2021-04-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008641.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4945-2 vom 2021-05-19",
"url": "https://ubuntu.com/security/notices/USN-4945-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1238-1 vom 2021-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008645.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2021-1627 vom 2021-04-22",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1627.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9215 vom 2021-05-06",
"url": "https://linux.oracle.com/errata/ELSA-2021-9215.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1977-1 vom 2021-06-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009018.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1975-1 vom 2021-06-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009015.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2690 vom 2021-06-23",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2689 vom 2021-06-23",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2021-1516 vom 2021-07-13",
"url": "https://alas.aws.amazon.com/ALAS-2021-1516.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2021-1685 vom 2021-07-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1685.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3327 vom 2021-08-31",
"url": "https://access.redhat.com/errata/RHSA-2021:3327"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3328 vom 2021-08-31",
"url": "https://access.redhat.com/errata/RHSA-2021:3328"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-3327 vom 2021-09-01",
"url": "http://linux.oracle.com/errata/ELSA-2021-3327.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2021:3327 vom 2021-09-01",
"url": "https://lists.centos.org/pipermail/centos-announce/2021-August/048356.html"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-110 vom 2021-09-02",
"url": "https://downloads.avaya.com/css/P8/documents/101077405"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-110 vom 2021-09-02",
"url": "https://downloads.avaya.com/css/P8/documents/101077404"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3454 vom 2021-09-08",
"url": "https://access.redhat.com/errata/RHSA-2021:3454"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3653 vom 2021-09-23",
"url": "https://access.redhat.com/errata/RHSA-2021:3653"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4140 vom 2021-11-10",
"url": "https://access.redhat.com/errata/RHSA-2021:4140"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4356 vom 2021-11-09",
"url": "https://access.redhat.com/errata/RHSA-2021:4356"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2022-002 vom 2022-01-31",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-002.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5343-1 vom 2022-03-22",
"url": "https://ubuntu.com/security/notices/USN-5343-1"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2022-1462 vom 2022-09-14",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1462"
},
{
"category": "external",
"summary": "HPE SECURITY BULLETIN HPESBST04367 rev.1 vom 2022-09-21",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04367en_us"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9999 vom 2022-11-16",
"url": "http://linux.oracle.com/errata/ELSA-2022-9999.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-27T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:35:08.577+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1415",
"initial_release_date": "2021-03-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-03-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-04-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-04-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-04-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-04-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2021-05-05T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-05-09T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-05-10T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-05-11T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2021-05-13T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-05-16T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-05-17T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-05-18T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-06-03T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu und ORACLE aufgenommen"
},
{
"date": "2021-06-06T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2021-06-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-06-15T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-06-22T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-07-12T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2021-07-18T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2021-08-30T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-31T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-09-01T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2021-09-05T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2021-09-07T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-09-23T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-11-09T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-30T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-03-22T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-09-13T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2022-09-20T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2022-11-16T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-06-21T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-06-27T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "34"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Application Enablement Services",
"product": {
"name": "Avaya Aura Application Enablement Services",
"product_id": "T015516",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Communication Manager",
"product": {
"name": "Avaya Aura Communication Manager",
"product_id": "T015126",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:communication_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Session Manager",
"product": {
"name": "Avaya Aura Session Manager",
"product_id": "T015127",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:session_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura System Manager",
"product": {
"name": "Avaya Aura System Manager",
"product_id": "T015518",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_system_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Web License Manager",
"product": {
"name": "Avaya Web License Manager",
"product_id": "T016243",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:web_license_manager:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Fabric OS",
"product": {
"name": "HPE Fabric OS",
"product_id": "T019403",
"product_identification_helper": {
"cpe": "cpe:/o:hpe:fabric_os:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source Linux Kernel \u003c 5.11.11",
"product": {
"name": "Open Source Linux Kernel \u003c 5.11.11",
"product_id": "T018740",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:5.11.11"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"category": "product_name",
"name": "Oracle VM",
"product": {
"name": "Oracle VM",
"product_id": "T011119",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:vm:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29646",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel. Der Fehler besteht aufgrund einer unsachgem\u00e4\u00dfen Validierung im \"tipc_nl_retrieve_key\" in der Datei \"net/tipc/node.c\". Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T011119",
"T019403",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"1727",
"T004914"
]
},
"release_date": "2021-03-30T22:00:00.000+00:00",
"title": "CVE-2021-29646"
},
{
"cve": "CVE-2021-29647",
"notes": [
{
"category": "description",
"text": "Im Linux Kernel existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Dateien \"net/qrtr/qrtr.c\" und \"kernel/usermode_driver.c\" aufgrund einer nicht initialisierten Datenstruktur und eines copy_process()-Speicherlecks. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T019403",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"1727",
"T004914"
]
},
"release_date": "2021-03-30T22:00:00.000+00:00",
"title": "CVE-2021-29647"
},
{
"cve": "CVE-2021-29649",
"notes": [
{
"category": "description",
"text": "Im Linux Kernel existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Dateien \"net/qrtr/qrtr.c\" und \"kernel/usermode_driver.c\" aufgrund einer nicht initialisierten Datenstruktur und eines copy_process()-Speicherlecks. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T019403",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"1727",
"T004914"
]
},
"release_date": "2021-03-30T22:00:00.000+00:00",
"title": "CVE-2021-29649"
},
{
"cve": "CVE-2021-29648",
"notes": [
{
"category": "description",
"text": "Im Linux Kernel existieren mehrere Schwachstellen. Sie bestehen, weil die \"resolved_ids\" und \"resolved_sizes\" im \"vmlinux BPF Type Format\" absichtlich nicht initialisiert sind und dem Netfilter-Subsystemen \"net/netfilter/x_tables.c\" und \"include/linux/netfilter/x_tables.h\" eine vollst\u00e4ndige Speichersperre fehlt. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um eine Denial-of-Service-Bedingung auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T011119",
"T015518",
"67646",
"T015516",
"T015127",
"T015126",
"T004914",
"T016243",
"T019403",
"2951",
"T002207",
"T000126",
"398363",
"1727"
]
},
"release_date": "2021-03-30T22:00:00.000+00:00",
"title": "CVE-2021-29648"
},
{
"cve": "CVE-2021-29650",
"notes": [
{
"category": "description",
"text": "Im Linux Kernel existieren mehrere Schwachstellen. Sie bestehen, weil die \"resolved_ids\" und \"resolved_sizes\" im \"vmlinux BPF Type Format\" absichtlich nicht initialisiert sind und dem Netfilter-Subsystemen \"net/netfilter/x_tables.c\" und \"include/linux/netfilter/x_tables.h\" eine vollst\u00e4ndige Speichersperre fehlt. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um eine Denial-of-Service-Bedingung auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T011119",
"T015518",
"67646",
"T015516",
"T015127",
"T015126",
"T004914",
"T016243",
"T019403",
"2951",
"T002207",
"T000126",
"398363",
"1727"
]
},
"release_date": "2021-03-30T22:00:00.000+00:00",
"title": "CVE-2021-29650"
}
]
}
FKIE_CVE-2021-29649
Vulnerability from fkie_nvd - Published: 2021-03-30 21:15 - Updated: 2024-11-21 06:01
Severity ?
Summary
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8 | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2375C9CB-E013-429D-9E0A-FBC249C5E180",
"versionEndExcluding": "5.11.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El controlador de modo de usuario (UMD) tiene una fuga de memoria copy_process(), relacionada con una falta de pasos de limpieza en kernel/usermode_driver.c y kernel/bpf/preload/bpf_preload_kern.c, tambi\u00e9n conocido como CID-f60a85cad677."
}
],
"id": "CVE-2021-29649",
"lastModified": "2024-11-21T06:01:34.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T21:15:14.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2021-29649
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-29649",
"description": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.",
"id": "GSD-2021-29649",
"references": [
"https://www.suse.com/security/cve/CVE-2021-29649.html",
"https://ubuntu.com/security/CVE-2021-29649",
"https://security.archlinux.org/CVE-2021-29649"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-29649"
],
"details": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.",
"id": "GSD-2021-29649",
"modified": "2023-12-13T01:23:36.531121Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.11.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29649"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8"
},
{
"name": "FEDORA-2021-41fb54ae9f",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/"
},
{
"name": "FEDORA-2021-6b0f287b8b",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/"
},
{
"name": "FEDORA-2021-2306e89112",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-04-05T20:02Z",
"publishedDate": "2021-03-30T21:15Z"
}
}
}
BDU:2021-02103
Vulnerability from fstec - Published: 19.03.2021
VLAI Severity ?
Title
Уязвимость драйвера пользовательского режима (UMD) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость драйвера пользовательского режима (UMD) ядра операционной системы Linux связана с ошибками освобождения памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, Fedora Project, АО "НППКТ"
Software Name
Debian GNU/Linux, Fedora, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Linux
Software Version
9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 32 (Fedora), 33 (Fedora), 34 (Fedora), 11 (Debian GNU/Linux), до 2.4 (ОСОН ОСнова Оnyx), от 5.11.0 до 5.11.10 включительно (Linux), от 5.10.0 до 5.10.26 включительно (Linux)
Possible Mitigations
Для Linux:
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.27
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-29649
Для ОСОН Основа:
Обновление программного обеспечения linux до версии 5.14.9-2.osnova179.1
Reference
https://access.redhat.com/security/cve/CVE-2021-29649
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29649
https://cxsecurity.com/cveshow/CVE-2021-29649/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.27
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
https://nvd.nist.gov/vuln/detail/CVE-2021-29649
https://security-tracker.debian.org/tracker/CVE-2021-29649
https://ubuntu.com/security/notices/USN-4948-1
https://usn.ubuntu.com/usn/usn-4948-1
https://www.cve.org/CVERecord?id=CVE-2021-29649
https://www.suse.com/security/cve/CVE-2021-29649
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4/
CWE
CWE-401
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 32 (Fedora), 33 (Fedora), 34 (Fedora), 11 (Debian GNU/Linux), \u0434\u043e 2.4 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 5.11.0 \u0434\u043e 5.11.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.10.0 \u0434\u043e 5.10.26 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.27\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11\n\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/\n\nDebian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-29649\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.14.9-2.osnova179.1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.04.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-02103",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-29649",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Fedora, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 32 , Fedora Project Fedora 33 , Fedora Project Fedora 34 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 5.11.11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430 (UMD) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0435\u0440\u0435\u0434 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0441\u0441\u044b\u043b\u043a\u0438 (\u00ab\u0443\u0442\u0435\u0447\u043a\u0430 \u043f\u0430\u043c\u044f\u0442\u0438\u00bb) (CWE-401)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430 (UMD) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/CVE-2021-29649\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29649\nhttps://cxsecurity.com/cveshow/CVE-2021-29649/\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.27\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29649\nhttps://security-tracker.debian.org/tracker/CVE-2021-29649\nhttps://ubuntu.com/security/notices/USN-4948-1\nhttps://usn.ubuntu.com/usn/usn-4948-1\nhttps://www.cve.org/CVERecord?id=CVE-2021-29649\nhttps://www.suse.com/security/cve/CVE-2021-29649\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-401",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…