CVE-2021-20317 (GCVE-0-2021-20317)
Vulnerability from cvelistv5 – Published: 2021-09-27 10:34 – Updated: 2024-08-03 17:37

| URL | Tags |
|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=2005258 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-list, x_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2022/dsa-5096 | vendor-advisory, x_refsource_DEBIAN |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=511885d7061eda3eb1faf3f57dcc936ff75863f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005258"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Kernel 5.3 rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:06:40.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=511885d7061eda3eb1faf3f57dcc936ff75863f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005258"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Kernel 5.3 rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=511885d7061eda3eb1faf3f57dcc936ff75863f1",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=511885d7061eda3eb1faf3f57dcc936ff75863f1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2005258",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005258"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20317",
"datePublished": "2021-09-27T10:34:49.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-20317",
"date": "2026-06-05",
"epss": "0.00016",
"percentile": "0.03786"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-20317\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-09-27T11:15:07.357\",\"lastModified\":\"2024-11-21T05:46:21.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en el kernel de Linux. Un \u00e1rbol de temporizadores corrompido hac\u00eda que faltara el despertar de la tarea en la funci\u00f3n timerqueue_add en el archivo lib/timerqueue.c. Este defecto permite a un atacante local con privilegios de usuario especiales causar una denegaci\u00f3n de servicio, ralentizando y eventualmente deteniendo el sistema mientras se ejecuta OSP\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":fal
se,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-665\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-665\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.4\",\"matchCriteriaId\":\"9121F506-8266-4787-ACB9-4221B549FA05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D70AB13-37BE-4BD3-A652-10191F1642E4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2005258\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=511885d7061eda3eb1faf3f57dcc936ff75863f1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5096\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2005258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=511885d7061eda3eb1faf3f57dcc936ff75863f1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2021:4875
Vulnerability from csaf_redhat - Published: 2021-11-30 15:38 - Updated: 2026-02-19 13:22

An issue was discovered in the Linux kernel's Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. The highest threat from this vulnerability is system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)\n\n* kernel: timer tree corruption leads to missing wakeup and system freeze (CVE-2021-20317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest RHEL-8.2.z13 Batch source tree (BZ#2020969)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4875",
"url": "https://access.redhat.com/errata/RHSA-2021:4875"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1974319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974319"
},
{
"category": "external",
"summary": "2005258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005258"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4875.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2026-02-19T13:22:07+00:00",
"generator": {
"date": "2026-02-19T13:22:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2021:4875",
"initial_release_date": "2021-11-30T15:38:55+00:00",
"revision_history": [
{
"date": "2021-11-30T15:38:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-30T15:38:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T13:22:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::realtime"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"product": {
"name": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"product_id": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-193.70.1.rt13.120.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-193.70.1.rt13.120.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src"
},
"product_reference": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2)",
"product_id": "NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "NFV-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src"
},
"product_reference": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64 as a component of Red Hat Enterprise Linux Real Time EUS (v. 8.2)",
"product_id": "RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"relates_to_product_reference": "RT-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36385",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1974319"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36385"
},
{
"category": "external",
"summary": "RHBZ#1974319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36385"
}
],
"release_date": "2021-06-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-30T15:38:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4875"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free"
},
{
"acknowledgments": [
{
"names": [
"Jay Shin"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-20317",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"discovery_date": "2021-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2005258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. The highest threat from this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: timer tree corruption leads to missing wakeup and system freeze",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20317"
},
{
"category": "external",
"summary": "RHBZ#2005258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20317",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20317"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=511885d7061eda3eb1faf3f57dcc936ff75863f1",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=511885d7061eda3eb1faf3f57dcc936ff75863f1"
}
],
"release_date": "2021-09-23T16:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-30T15:38:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4875"
},
{
"category": "workaround",
"details": "In order to mitigate this issue, it is possible to prevent the affected code from being used by loading the kvm module with the \"pi_inject_timer=0\" parameter.\n~~~\nrmmod kvm_intel kvm\nmodprobe kvm pi_inject_timer=0 \nmodprobe kvm_intel\n~~~",
"product_ids": [
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"NFV-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"NFV-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.src",
"RT-8.2.0.Z.EUS:kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-core-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debug-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-devel-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-kvm-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64",
"RT-8.2.0.Z.EUS:kernel-rt-modules-extra-0:4.18.0-193.70.1.rt13.120.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: timer tree corruption leads to missing wakeup and system freeze"
}
]
}
SSA-222547
Vulnerability from csaf_siemens - Published: 2022-06-14 00:00 - Updated: 2022-06-14 00:00
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities in the third-party components CivetWeb, Docker, Linux Kernel and systemd could allow an attacker to impact SCALANCE LPE9403 confidentiality, integrity and availability.\n\nSiemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-222547: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0 - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
},
{
"category": "self",
"summary": "SSA-222547: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0 - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-222547.txt"
},
{
"category": "self",
"summary": "SSA-222547: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-222547.json"
}
],
"title": "SSA-222547: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0",
"tracking": {
"current_release_date": "2022-06-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-222547",
"initial_release_date": "2022-06-14T00:00:00Z",
"revision_history": [
{
"date": "2022-06-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.0",
"product": {
"name": "SCALANCE LPE9403",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6GK5998-3GS00-2AC2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE LPE9403"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27304",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-27304 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2020-27304 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-27304.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-27304"
},
{
"cve": "CVE-2021-20317",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-20317 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-20317 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-20317.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-20317"
},
{
"cve": "CVE-2021-33910",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "The use of alloca function with an uncontrolled size in function unit_name_path_escape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-33910 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-33910 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-33910.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-33910"
},
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition vulnerability was found in Go. The incoming request\u0027s body wasn\u0027t closed after a handler panic, and as a consequence this could lead to a ReverseProxy crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-36221 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-36221 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-36221.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-39293",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-39293 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-39293 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-39293.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-39293"
},
{
"cve": "CVE-2021-41089",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host\u2019s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-41089 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-41089 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41089.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-41089"
},
{
"cve": "CVE-2021-41091",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-41091 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-41091 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41091.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-41091"
},
{
"cve": "CVE-2021-41092",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to registry-1.docker.io rather than the intended private registry.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-41092 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-41092 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41092.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-41092"
},
{
"cve": "CVE-2021-41103",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-41103 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-41103 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41103.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-41103"
},
{
"cve": "CVE-2022-0847",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2022-0847 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2022-0847 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-0847.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-0847"
}
]
}
WID-SEC-W-2023-2457
Vulnerability from csaf_certbund - Published: 2021-09-27 22:00 - Updated: 2023-09-27 22:00

Es besteht eine Schwachstelle im Linux-Kernel aufgrund eines Fehlers in der Funktion "timerqueue_add" in [lib/timerqueue.c]. Ein lokaler Angreifer mit speziellen Benutzerrechten kann dies ausnutzen, um einen Denial of Service-Zustand auszulösen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| Red Hat Enterprise Linux (Red Hat) | cpe:/o:redhat:enterprise_linux:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| Amazon Linux 2 (Amazon) | cpe:/o:amazon:linux_2:- | — | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2457 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-2457.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2457 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2457"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASMICROVM-KERNEL-4.14-2023-001 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASMICROVM-KERNEL-4.14-2023-001.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2021-1719 vom 2021-11-04",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1719.html"
},
{
"category": "external",
"summary": "Red Hat Bugzilla - Bug 2005258 vom 2021-09-27",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005258"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4648 vom 2021-11-15",
"url": "https://access.redhat.com/errata/RHSA-2021:4648"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4647 vom 2021-11-15",
"url": "https://access.redhat.com/errata/RHSA-2021:4647"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4650 vom 2021-11-15",
"url": "https://access.redhat.com/errata/RHSA-2021:4650"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4646 vom 2021-11-15",
"url": "https://access.redhat.com/errata/RHSA-2021:4646"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-4647 vom 2021-11-18",
"url": "https://linux.oracle.com/errata/ELSA-2021-4647.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4875 vom 2021-11-30",
"url": "https://access.redhat.com/errata/RHSA-2021:4875"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4871 vom 2021-11-30",
"url": "https://access.redhat.com/errata/RHSA-2021:4871"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2843 vom 2021-12-16",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5209-1 vom 2022-01-06",
"url": "https://ubuntu.com/security/notices/USN-5209-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2941 vom 2022-03-09",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5096 vom 2022-03-09",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00063.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5343-1 vom 2022-03-22",
"url": "https://ubuntu.com/security/notices/USN-5343-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9313 vom 2022-04-26",
"url": "http://linux.oracle.com/errata/ELSA-2022-9313.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9314 vom 2022-04-26",
"url": "http://linux.oracle.com/errata/ELSA-2022-9314.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9367 vom 2022-05-10",
"url": "http://linux.oracle.com/errata/ELSA-2022-9367.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9366 vom 2022-05-10",
"url": "http://linux.oracle.com/errata/ELSA-2022-9366.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2023-09-27T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:54.066+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2457",
"initial_release_date": "2021-09-27T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-09-27T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-11-04T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2021-11-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-11-17T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-11-30T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-12-16T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-01-05T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-03-09T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-03-22T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-04-25T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-05-10T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel \u003c 5.4-rc1",
"product": {
"name": "Open Source Linux Kernel \u003c 5.4-rc1",
"product_id": "T020506",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:5.4-rc1"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20317",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle im Linux-Kernel aufgrund eines Fehlers in der Funktion \"timerqueue_add\" in [lib/timerqueue.c]. Ein lokaler Angreifer mit speziellen Benutzerrechten kann dies ausnutzen, um einen Denial of Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2021-09-27T22:00:00.000+00:00",
"title": "CVE-2021-20317"
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.