VAR-202009-1432
Vulnerability from variot - Updated: 2025-01-30 21:09u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150. A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. (CVE-2020-3702) A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (CVE-2021-3653) A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (CVE-2021-3656) A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-3753) A flaw was found in the Linux kernel, where it incorrectly computes the access permissions of a shadow page. This issue leads to a missing guest protection page fault. (CVE-2021-38198) A flaw was found in the Linux kernel that allows malicious users to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). The highest threat from this vulnerability is to confidentiality. (CVE-2021-38205). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4978-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2021 https://www.debian.org/security/faq
Package : linux CVE ID : CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166 CVE-2021-38199 CVE-2021-40490 CVE-2021-41073 Debian Bug : 993948 993978
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2020-3702
A flaw was found in the driver for Atheros IEEE 802.11n family of
chipsets (ath9k) allowing information disclosure.
CVE-2021-3653
Maxim Levitsky discovered a vulnerability in the KVM hypervisor
implementation for AMD processors in the Linux kernel: Missing
validation of the `int_ctl` VMCB field could allow a malicious L1
guest to enable AVIC support (Advanced Virtual Interrupt Controller)
for the L2 guest. The L2 guest can take advantage of this flaw to
write to a limited but still relatively large subset of the host
physical memory.
Missing validation of the the `virt_ext` VMCB field could allow a
malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS
(Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances,
the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus
read/write portions of the host's physical memory.
CVE-2021-3732
Alois Wohlschlager reported a flaw in the implementation of the
overlayfs subsystem, allowing a local attacker with privileges to
mount a filesystem to reveal files hidden in the original mount.
CVE-2021-3753
Minh Yuan reported a race condition in the vt_k_ioctl in
drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds
read in vt.
CVE-2021-37576
Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem
on the powerpc platform, which allows KVM guest OS users to cause
memory corruption on the host.
CVE-2021-38160
A flaw in the virtio_console was discovered allowing data corruption
or data loss by an untrusted device. This flaw is mitigated by default in Debian as
unprivileged calls to bpf() are disabled.
CVE-2021-38199
Michael Wakabayashi reported a flaw in the NFSv4 client
implementation, where incorrect connection setup ordering allows
operations of a remote NFSv4 server to cause a denial of service.
For the stable distribution (bullseye), these problems have been fixed in version 5.10.46-5. This update includes fixes for #993948 and #993978.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmFO2GNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TnbQ/8C5VZ8M2c1r7inKdf/JxcNqAgmquOVo/Ib9Ei17r+7/IXa4mo/FCz4xOb V68lNhqA43GJPWGHcj8mndVfkTHnn0PRekd5oPoKTdo4fJS0JEipUvNM3W+ukYVo eJi9+rV6fLmA9w0TTLqRaAZG1jjHxKqNo0XjbwGMhM8+hp5grAGuZrNfQ8mJk/CX RM8PyeWFTkio0eVr5G4wgxSDLJeg3Aa9azYvfXhgZ8OCl1ArSgLN3xhHqfuXFPAN F2i8ZRSwwlFtkea/Zm1eet+uwEs3Mz0pCXxBApITIaPh8Zo1Lj/0u8BBQqbGTuiF 6JNYnZc6TZ16DI3M8/a4x8sjG/C4Q6D+rOTpfaoydz4kcGEFWZC7/L9Y0wmd11da a4OIQq56Kk1bYI+G/7hl6BstLZxaqY/mafshV+nhQIzOBMBo35/r6Coz7AQUSJ5R vpPv1CKSwwki9zic0aegXZRUd0SJAyNEOqpvDSlT0hy2nNlnYFKIAySlFv68Lz9M RO/t4qFaKz07UdrNqN7E6qXZ6TZ18cIw2SQiozcR7g3CQ5WrBErxibkvmM4vHDgp /AlmxCuiTNtBdwGNlcT16kCbvyQLx3wSzisUBceIQqb/XTw9Ti2ctDWgYStsscSC LaEFBjJhYxBvDhnav4P2ZpHni5C1J/KS3qiR6wCEBTh4Qy5dYjo= =L0c4 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5115-1 October 20, 2021
linux-oem-5.10 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-oem-5.10: Linux kernel for OEM systems
Details:
It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702)
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. (CVE-2021-33624)
Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass (SSB) side- channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-34556)
Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass (SSB) side-channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-35477)
It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679)
It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159)
Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732)
It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. (CVE-2021-3739)
It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2021-3743)
It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. (CVE-2021-3753)
It was discovered that the Linux kernel did not properly account for the memory usage of certain IPC objects. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3759)
It was discovered that the BPF subsystem in the Linux kernel contained an integer overflow in its hash table implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-38166)
It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204)
It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205)
It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490)
It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: linux-image-5.10.0-1050-oem 5.10.0-1050.52 linux-image-oem-20.04 5.10.0.1050.52 linux-image-oem-20.04b 5.10.0.1050.52
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-5115-1 CVE-2020-3702, CVE-2021-33624, CVE-2021-34556, CVE-2021-35477, CVE-2021-3679, CVE-2021-37159, CVE-2021-3732, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759, CVE-2021-38166, CVE-2021-38204, CVE-2021-38205, CVE-2021-40490, CVE-2021-42008
Package Information: https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1050.52
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1432",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipq4019",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "apq8053",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8996au",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sm7150",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "qcs405",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8909w",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sdx20",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "sm6150",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ipq8064",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "access point",
"scope": "lte",
"trust": 1.0,
"vendor": "arista",
"version": "8.8.3-12"
},
{
"model": "qcn5502",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"model": "qca9531",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3702"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "164561"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "164594"
},
{
"db": "PACKETSTORM",
"id": "164585"
},
{
"db": "PACKETSTORM",
"id": "164584"
},
{
"db": "PACKETSTORM",
"id": "164581"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2020-3702",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3702",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3702",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-066",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3702",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3702"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-066"
},
{
"db": "NVD",
"id": "CVE-2020-3702"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "u\u0027Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150. A flaw was found in the Linux kernel\u0027s implementation of wireless drivers using the Atheros chipsets. (CVE-2020-3702)\nA flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (CVE-2021-3653)\nA flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (CVE-2021-3656)\nA flaw was found in the Linux kernel\u0027s OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-3753)\nA flaw was found in the Linux kernel, where it incorrectly computes the access permissions of a shadow page. This issue leads to a missing guest protection page fault. (CVE-2021-38198)\nA flaw was found in the Linux kernel that allows malicious users to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). The highest threat from this vulnerability is to confidentiality. (CVE-2021-38205). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4978-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 25, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656 \n CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 \n CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166 \n CVE-2021-38199 CVE-2021-40490 CVE-2021-41073\nDebian Bug : 993948 993978\n\nSeveral vulnerabilities have been discovered in the Linux kernel\nthat may lead to a privilege escalation, denial of service or\ninformation leaks. \n\nCVE-2020-3702\n\n A flaw was found in the driver for Atheros IEEE 802.11n family of\n chipsets (ath9k) allowing information disclosure. \n\nCVE-2021-3653\n\n Maxim Levitsky discovered a vulnerability in the KVM hypervisor\n implementation for AMD processors in the Linux kernel: Missing\n validation of the `int_ctl` VMCB field could allow a malicious L1\n guest to enable AVIC support (Advanced Virtual Interrupt Controller)\n for the L2 guest. The L2 guest can take advantage of this flaw to\n write to a limited but still relatively large subset of the host\n physical memory. \n Missing validation of the the `virt_ext` VMCB field could allow a\n malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS\n (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances,\n the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus\n read/write portions of the host\u0027s physical memory. \n\nCVE-2021-3732\n\n Alois Wohlschlager reported a flaw in the implementation of the\n overlayfs subsystem, allowing a local attacker with privileges to\n mount a filesystem to reveal files hidden in the original mount. \n\nCVE-2021-3753\n\n Minh Yuan reported a race condition in the vt_k_ioctl in\n drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds\n read in vt. \n\nCVE-2021-37576\n\n Alexey Kardashevskiy reported a buffer overflow in the KVM subsystem\n on the powerpc platform, which allows KVM guest OS users to cause\n memory corruption on the host. \n\nCVE-2021-38160\n\n A flaw in the virtio_console was discovered allowing data corruption\n or data loss by an untrusted device. This flaw is mitigated by default in Debian as\n unprivileged calls to bpf() are disabled. \n\nCVE-2021-38199\n\n Michael Wakabayashi reported a flaw in the NFSv4 client\n implementation, where incorrect connection setup ordering allows\n operations of a remote NFSv4 server to cause a denial of service. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5.10.46-5. This update includes fixes for #993948 and #993978. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmFO2GNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0TnbQ/8C5VZ8M2c1r7inKdf/JxcNqAgmquOVo/Ib9Ei17r+7/IXa4mo/FCz4xOb\nV68lNhqA43GJPWGHcj8mndVfkTHnn0PRekd5oPoKTdo4fJS0JEipUvNM3W+ukYVo\neJi9+rV6fLmA9w0TTLqRaAZG1jjHxKqNo0XjbwGMhM8+hp5grAGuZrNfQ8mJk/CX\nRM8PyeWFTkio0eVr5G4wgxSDLJeg3Aa9azYvfXhgZ8OCl1ArSgLN3xhHqfuXFPAN\nF2i8ZRSwwlFtkea/Zm1eet+uwEs3Mz0pCXxBApITIaPh8Zo1Lj/0u8BBQqbGTuiF\n6JNYnZc6TZ16DI3M8/a4x8sjG/C4Q6D+rOTpfaoydz4kcGEFWZC7/L9Y0wmd11da\na4OIQq56Kk1bYI+G/7hl6BstLZxaqY/mafshV+nhQIzOBMBo35/r6Coz7AQUSJ5R\nvpPv1CKSwwki9zic0aegXZRUd0SJAyNEOqpvDSlT0hy2nNlnYFKIAySlFv68Lz9M\nRO/t4qFaKz07UdrNqN7E6qXZ6TZ18cIw2SQiozcR7g3CQ5WrBErxibkvmM4vHDgp\n/AlmxCuiTNtBdwGNlcT16kCbvyQLx3wSzisUBceIQqb/XTw9Ti2ctDWgYStsscSC\nLaEFBjJhYxBvDhnav4P2ZpHni5C1J/KS3qiR6wCEBTh4Qy5dYjo=\n=L0c4\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-5115-1\nOctober 20, 2021\n\nlinux-oem-5.10 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-oem-5.10: Linux kernel for OEM systems\n\nDetails:\n\nIt was discovered that a race condition existed in the Atheros Ath9k WiFi\ndriver in the Linux kernel. An attacker could possibly use this to expose\nsensitive information (WiFi network traffic). (CVE-2020-3702)\n\nOfek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk\ndiscovered that the BPF verifier in the Linux kernel missed possible\nmispredicted branches due to type confusion, allowing a side-channel\nattack. An attacker could use this to expose sensitive information. \n(CVE-2021-33624)\n\nBenedict Schlueter discovered that the BPF subsystem in the Linux kernel\ndid not properly protect against Speculative Store Bypass (SSB) side-\nchannel attacks in some situations. A local attacker could possibly use\nthis to expose sensitive information. (CVE-2021-34556)\n\nPiotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not\nproperly protect against Speculative Store Bypass (SSB) side-channel\nattacks in some situations. A local attacker could possibly use this to\nexpose sensitive information. (CVE-2021-35477)\n\nIt was discovered that the tracing subsystem in the Linux kernel did not\nproperly keep track of per-cpu ring buffer state. A privileged attacker\ncould use this to cause a denial of service. (CVE-2021-3679)\n\nIt was discovered that the Option USB High Speed Mobile device driver in\nthe Linux kernel did not properly handle error conditions. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2021-37159)\n\nAlois Wohlschlager discovered that the overlay file system in the Linux\nkernel did not restrict private clones in some situations. An attacker\ncould use this to expose sensitive information. (CVE-2021-3732)\n\nIt was discovered that the btrfs file system in the Linux kernel did not\nproperly handle removing a non-existent device id. An attacker with\nCAP_SYS_ADMIN could use this to cause a denial of service. (CVE-2021-3739)\n\nIt was discovered that the Qualcomm IPC Router protocol implementation in\nthe Linux kernel did not properly validate metadata in some situations. A\nlocal attacker could use this to cause a denial of service (system crash)\nor expose sensitive information. (CVE-2021-3743)\n\nIt was discovered that the virtual terminal (vt) device implementation in\nthe Linux kernel contained a race condition in its ioctl handling that led\nto an out-of-bounds read vulnerability. A local attacker could possibly use\nthis to expose sensitive information. (CVE-2021-3753)\n\nIt was discovered that the Linux kernel did not properly account for the\nmemory usage of certain IPC objects. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2021-3759)\n\nIt was discovered that the BPF subsystem in the Linux kernel contained an\ninteger overflow in its hash table implementation. A local attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2021-38166)\n\nIt was discovered that the MAX-3421 host USB device driver in the Linux\nkernel did not properly handle device removal events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2021-38204)\n\nIt was discovered that the Xilinx 10/100 Ethernet Lite device driver in the\nLinux kernel could report pointer addresses in some situations. An attacker\ncould use this information to ease the exploitation of another\nvulnerability. (CVE-2021-38205)\n\nIt was discovered that the ext4 file system in the Linux kernel contained a\nrace condition when writing xattrs to an inode. A local attacker could use\nthis to cause a denial of service or possibly gain administrative\nprivileges. (CVE-2021-40490)\n\nIt was discovered that the 6pack network protocol driver in the Linux\nkernel did not properly perform validation checks. A privileged attacker\ncould use this to cause a denial of service (system crash) or execute\narbitrary code. (CVE-2021-42008)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n linux-image-5.10.0-1050-oem 5.10.0-1050.52\n linux-image-oem-20.04 5.10.0.1050.52\n linux-image-oem-20.04b 5.10.0.1050.52\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5115-1\n CVE-2020-3702, CVE-2021-33624, CVE-2021-34556, CVE-2021-35477,\n CVE-2021-3679, CVE-2021-37159, CVE-2021-3732, CVE-2021-3739,\n CVE-2021-3743, CVE-2021-3753, CVE-2021-3759, CVE-2021-38166,\n CVE-2021-38204, CVE-2021-38205, CVE-2021-40490, CVE-2021-42008\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1050.52\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3702"
},
{
"db": "VULMON",
"id": "CVE-2020-3702"
},
{
"db": "PACKETSTORM",
"id": "169128"
},
{
"db": "PACKETSTORM",
"id": "164561"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "164594"
},
{
"db": "PACKETSTORM",
"id": "164585"
},
{
"db": "PACKETSTORM",
"id": "164584"
},
{
"db": "PACKETSTORM",
"id": "164581"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3702",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "164561",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166568",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164594",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164584",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3455",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4089",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3225",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4282",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1408",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3391",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3483",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3535",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3422",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3512",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4156",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-066",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3702",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169128",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164585",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164581",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-3702"
},
{
"db": "PACKETSTORM",
"id": "169128"
},
{
"db": "PACKETSTORM",
"id": "164561"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "164594"
},
{
"db": "PACKETSTORM",
"id": "164585"
},
{
"db": "PACKETSTORM",
"id": "164584"
},
{
"db": "PACKETSTORM",
"id": "164581"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-066"
},
{
"db": "NVD",
"id": "CVE-2020-3702"
}
]
},
"id": "VAR-202009-1432",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"other device",
"embedded device"
],
"sub_category": "SoC",
"trust": 0.1
},
{
"category": [
"other device",
"embedded device"
],
"sub_category": "general",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:09:39.302000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple Qualcomm Product encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125400"
},
{
"title": "Ubuntu Security Notice: USN-5361-1: Linux kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5361-1"
},
{
"title": "Amazon Linux 2: ALASMICROVM-KERNEL-4.14-2023-003",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASMICROVM-KERNEL-4.14-2023-003"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.10-2022-005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.10-2022-005"
},
{
"title": "Amazon Linux 2: ALASMICROVM-KERNEL-4.14-2023-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASMICROVM-KERNEL-4.14-2023-002"
},
{
"title": "Debian Security Advisories: DSA-4978-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f74b5ec454c038ed56299a62dc9be102"
},
{
"title": "kr00k-notes",
"trust": 0.1,
"url": "https://github.com/raul23/kr00k-notes "
},
{
"title": "kr00k-tests",
"trust": 0.1,
"url": "https://github.com/raul23/kr00k-tests "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
},
{
"title": null,
"trust": 0.1,
"url": "https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/kr-k-attack-variants-impact-qualcomm-mediatek-wi-fi-chips/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3702"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3702"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40490"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/qualcomm-atheros-ieee-802-11n-no-chiffrement-36534"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164584/ubuntu-security-notice-usn-5115-1.html"
},
{
"trust": 0.6,
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3535"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164594/ubuntu-security-notice-usn-5116-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3483"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4117"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3512"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166568/ubuntu-security-notice-usn-5361-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3225"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4089"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3422"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3455"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4156"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4282"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1408"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4163"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164561/ubuntu-security-notice-usn-5113-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3391"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3732"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42008"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3743"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38166"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3739"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3753"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38198"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38205"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5361-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3679"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37159"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5116-1"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://github.com/raul23/kr00k-notes"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alasmicrovm-kernel-4.14-2023-003.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16119"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/linux"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.11/5.11.0-1021.23~20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.11/5.11.0-1020.21~20.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.11/5.11.0-1020.21~20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.11.0-1021.22"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1018.19"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5113-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.11.0-1020.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.11.0-1020.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.11/5.11.0-38.42~20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.11.0-1021.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.11.0-38.42"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4083"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43976"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1056.60~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1058.61~18.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1025.26"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5116-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1054.57~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1045.49~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1054.57"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1045.49"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1062.65"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1025.26~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1058.61"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1062.65~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1056.60"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-89.100"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1055.59~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-89.100~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1020.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1048.50"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1050.52"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3759"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38204"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5115-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35477"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1097.103"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5114-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1114.123"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1125.138"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-161.169"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1114.121"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1029.34"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1110.124"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1101.103"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-3702"
},
{
"db": "PACKETSTORM",
"id": "169128"
},
{
"db": "PACKETSTORM",
"id": "164561"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "164594"
},
{
"db": "PACKETSTORM",
"id": "164585"
},
{
"db": "PACKETSTORM",
"id": "164584"
},
{
"db": "PACKETSTORM",
"id": "164581"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-066"
},
{
"db": "NVD",
"id": "CVE-2020-3702"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-3702"
},
{
"db": "PACKETSTORM",
"id": "169128"
},
{
"db": "PACKETSTORM",
"id": "164561"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "164594"
},
{
"db": "PACKETSTORM",
"id": "164585"
},
{
"db": "PACKETSTORM",
"id": "164584"
},
{
"db": "PACKETSTORM",
"id": "164581"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-066"
},
{
"db": "NVD",
"id": "CVE-2020-3702"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3702"
},
{
"date": "2021-09-28T19:12:00",
"db": "PACKETSTORM",
"id": "169128"
},
{
"date": "2021-10-20T15:44:10",
"db": "PACKETSTORM",
"id": "164561"
},
{
"date": "2022-04-01T15:43:33",
"db": "PACKETSTORM",
"id": "166568"
},
{
"date": "2021-10-22T15:36:06",
"db": "PACKETSTORM",
"id": "164594"
},
{
"date": "2021-10-21T15:32:15",
"db": "PACKETSTORM",
"id": "164585"
},
{
"date": "2021-10-21T15:31:59",
"db": "PACKETSTORM",
"id": "164584"
},
{
"date": "2021-10-21T15:28:40",
"db": "PACKETSTORM",
"id": "164581"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-066"
},
{
"date": "2020-09-08T10:15:16.340000",
"db": "NVD",
"id": "CVE-2020-3702"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3702"
},
{
"date": "2022-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-066"
},
{
"date": "2024-11-21T05:31:36.317000",
"db": "NVD",
"id": "CVE-2020-3702"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-066"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Qualcomm Product Encryption Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-066"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-066"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.