{"schema_version":"1.7.2","id":"OESA-2021-1087","modified":"2021-03-05T11:02:42Z","published":"2021-03-05T11:02:42Z","upstream":["CVE-2020-28374","CVE-2020-29568","CVE-2020-27068","CVE-2020-27786","CVE-2021-3347","CVE-2021-3348","CVE-2020-0423","CVE-2020-36158","CVE-2020-8694","CVE-2020-4788","CVE-2019-16089","CVE-2020-0465","CVE-2020-0466","CVE-2021-20177","CVE-2021-3178"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)\r\n\r\nAn issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.(CVE-2020-29568)\r\n\r\nIn the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. Android ID: A-119770583.(CVE-2020-27068)\r\n\r\nA flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to MIDI devices could trigger a use-after-free. 
A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\r\n\r\nAn issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.(CVE-2021-3347)\r\n\r\nnbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.(CVE-2021-3348)\n\nIn binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0423)\n\nmwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\nInsufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8694)\n\nIBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. (CVE-2020-4788)\n\nAn issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.(CVE-2019-16089)\n\nIn various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.(CVE-2020-0465)\n\nIn do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0466)\n\nA flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system.(CVE-2021-20177)\n\nfs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.(CVE-2021-3178)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2102.2.0.0057.oe1"}]}],"ecosystem_specific":{"aarch64":["bpftool-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","kernel-tools-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","kernel-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","python2-perf-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","python3-perf-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","kernel-devel-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2102.2.0.0057
.oe1.aarch64.rpm","kernel-source-4.19.90-2102.2.0.0057.oe1.aarch64.rpm","perf-4.19.90-2102.2.0.0057.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2102.2.0.0057.oe1.src.rpm"],"x86_64":["python2-perf-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","perf-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","kernel-tools-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","kernel-devel-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","bpftool-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","kernel-source-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","kernel-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm","python3-perf-4.19.90-2102.2.0.0057.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1087"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28374"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-29568"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27068"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27786"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3347"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3348"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0423"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36158"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8694"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3347"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-20
19-16089"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0465"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0466"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20177"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3178"}],"database_specific":{"severity":"High"}}