{"schema_version":"1.7.2","id":"OESA-2021-1279","modified":"2021-07-24T11:03:04Z","published":"2021-07-24T11:03:04Z","upstream":["CVE-2021-3587","CVE-2020-36385","CVE-2020-28097","CVE-2021-33624","CVE-2021-35039","CVE-2021-22555","CVE-2021-3573","CVE-2021-0129","CVE-2021-34693","CVE-2020-36387","CVE-2021-3609","CVE-2021-3600"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA null pointer dereference was found in llcp_sock_getname in net/nfc/llcp_sock.c and reproduced in linux-5.13.0-rc2. An unprivileged user can trigger this bug and cause denial of service. Root cause: after creating an NFC socket and binding an address by calling bind(), if LLCP_SAP_MAX is used as the SAP, bind() fails and llcp_sock->service_name is set to NULL. Although bind() returns an error here, other socket functions can still be called. sock_getname() invokes llcp_sock_getname(), which copies the service name from llcp_sock->service_name with memcpy while llcp_sock->service_name is NULL. Fix: the patch for this issue is https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=4ac06a1e013c (CVE-2021-3587)\r\n\r\nAn issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.(CVE-2020-36385)\r\n\r\nThe vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. 
There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.(CVE-2020-28097)\r\n\r\nIn kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.(CVE-2021-33624)\r\n\r\nkernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.(CVE-2021-35039)\r\n\r\nA heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.(CVE-2021-22555)\r\n\r\nA use-after-free flaw in the function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user detaches a Bluetooth dongle or otherwise triggers an unregister Bluetooth device event. A local user could use this flaw to crash the system or escalate their privileges on the system.(CVE-2021-3573)\r\n\r\nImproper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.(CVE-2021-0129)\r\n\r\nnet/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.(CVE-2021-34693)\r\n\r\nAn issue was discovered in the Linux kernel before 5.8.2. 
fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.(CVE-2020-36387)\r\n\r\nA flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges.(CVE-2021-3609)\r\n\r\nIt was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.(CVE-2021-3600)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2107.4.0.0097.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-devel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","python2-perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","bpftool-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","python3-perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-source-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-tools-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2107.4.0.0097.oe1.src.rpm"],"x86_64":["perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","python3-perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","python2-perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","bpftool
-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-devel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-source-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-tools-4.19.90-2107.4.0.0097.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2107.4.0.0097.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-devel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","python2-perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","bpftool-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","python3-perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-source-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-tools-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2107.4.0.0097.oe1.src.rpm"],"x86_64":["perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","python3-perf-4.19.90-2107.
4.0.0097.oe1.x86_64.rpm","python2-perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","bpftool-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-devel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-source-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm","kernel-tools-4.19.90-2107.4.0.0097.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1279"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3587"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36385"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28097"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33624"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22555"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3573"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0129"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-34693"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36387"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3609"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3600"}],"database_specific":{"severity":"High"}}