Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-34693 (GCVE-0-2021-34693)
Vulnerability from cvelistv5 – Published: 2021-06-14 00:00 – Updated: 2024-08-04 00:19
VLAI?
EPSS
Summary
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/"
},
{
"name": "[oss-security] 20210615 CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/15/1"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
},
{
"name": "DSA-4941",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4941"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T00:40:28.345Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/"
},
{
"name": "[oss-security] 20210615 CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/15/1"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
},
{
"name": "DSA-4941",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4941"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34693",
"datePublished": "2021-06-14T00:00:00.000Z",
"dateReserved": "2021-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:19:48.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2021-AVI-635
Vulnerability from certfr_avis - Published: 2021-08-18 - Updated: 2021-08-18
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 21.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2021-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3587"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2021-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2021-28691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28691"
}
],
"initial_release_date": "2021-08-18T00:00:00",
"last_revision_date": "2021-08-18T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-635",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5044-1 du 18 ao\u00fbt 2021",
"url": "https://ubuntu.com/security/notices/USN-5044-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0080-1 du 16 ao\u00fbt 2021",
"url": "https://ubuntu.com/security/notices/LSN-0080-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5046-1 du 18 ao\u00fbt 2021",
"url": "https://ubuntu.com/security/notices/USN-5046-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5045-1 du 18 ao\u00fbt 2021",
"url": "https://ubuntu.com/security/notices/USN-5045-1"
}
]
}
CERTFR-2022-AVI-176
Vulnerability from certfr_avis - Published: 2022-02-23 - Updated: 2022-02-23
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 21.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2021-44879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44879"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2021-4202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4202"
},
{
"name": "CVE-2021-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3679"
},
{
"name": "CVE-2021-3483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3483"
},
{
"name": "CVE-2021-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-22600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22600"
},
{
"name": "CVE-2022-24448",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24448"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2021-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"name": "CVE-2021-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3612"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2021-42008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42008"
},
{
"name": "CVE-2021-28972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28972"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
},
{
"name": "CVE-2022-24959",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24959"
}
],
"initial_release_date": "2022-02-23T00:00:00",
"last_revision_date": "2022-02-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-176",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5302-1 du 22 f\u00e9vrier 2022",
"url": "https://ubuntu.com/security/notices/USN-5302-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5295-2 du 22 f\u00e9vrier 2022",
"url": "https://ubuntu.com/security/notices/USN-5295-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5298-1 du 22 f\u00e9vrier 2022",
"url": "https://ubuntu.com/security/notices/USN-5298-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5297-1 du 22 f\u00e9vrier 2022",
"url": "https://ubuntu.com/security/notices/USN-5297-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5294-2 du 22 f\u00e9vrier 2022",
"url": "https://ubuntu.com/security/notices/USN-5294-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5299-1 du 22 f\u00e9vrier 2022",
"url": "https://ubuntu.com/security/notices/USN-5299-1"
}
]
}
CERTFR-2021-AVI-563
Vulnerability from certfr_avis - Published: 2021-07-22 - Updated: 2021-07-22
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | N/A | SUSE CaaS Platform 4.0 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 9 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-ESPOS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS | ||
| SUSE | N/A | SUSE MicroOS 5.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP1 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP2 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-BCL | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-LTSS | ||
| SUSE | N/A | SUSE OpenStack Cloud 9 | ||
| SUSE | N/A | SUSE Enterprise Storage 6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE MicroOS 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.0",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-26139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2021-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0605"
},
{
"name": "CVE-2021-35039",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35039"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"name": "CVE-2021-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23133"
},
{
"name": "CVE-2020-24586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
},
{
"name": "CVE-2021-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
},
{
"name": "CVE-2020-36386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36386"
},
{
"name": "CVE-2021-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3609"
},
{
"name": "CVE-2021-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2021-33624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33624"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2021-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3612"
},
{
"name": "CVE-2020-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-3491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3491"
},
{
"name": "CVE-2021-33200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33200"
},
{
"name": "CVE-2020-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
}
],
"initial_release_date": "2021-07-22T00:00:00",
"last_revision_date": "2021-07-22T00:00:00",
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-24586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-33624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33624"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-33200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33200"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3612"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212427-1 du 21 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212427-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212422-1 du 21 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212422-1/"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212421-1 du 21 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212421-1/"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-26139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-3491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3491"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3609"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0605"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-35039",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35039"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212426-1 du 21 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212426-1/"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212433-1 du 21 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212433-1"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23133"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-36386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36386"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212438-1 du 21 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212438-1/"
}
],
"reference": "CERTFR-2021-AVI-563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": []
}
CERTFR-2021-AVI-570
Vulnerability from certfr_avis - Published: 2021-07-23 - Updated: 2021-07-23
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | N/A | HPE Helion Openstack 8 | ||
| SUSE | N/A | SUSE OpenStack Cloud 8 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 8 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "HPE Helion Openstack 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-26139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2021-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0605"
},
{
"name": "CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"name": "CVE-2021-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23133"
},
{
"name": "CVE-2020-24586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
},
{
"name": "CVE-2021-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
},
{
"name": "CVE-2020-36386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36386"
},
{
"name": "CVE-2021-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3609"
},
{
"name": "CVE-2021-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2020-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26141"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2020-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
}
],
"initial_release_date": "2021-07-23T00:00:00",
"last_revision_date": "2021-07-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-570",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212453-1 du 22 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212453-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212451-1 du 22 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212451-1/"
}
]
}
CERTFR-2021-AVI-726
Vulnerability from certfr_avis - Published: 2021-09-22 - Updated: 2021-09-22
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 20.04 LTS pour Raspberry PI V8",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS pour Raspberry PI V8",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2021-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38160"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3612"
}
],
"initial_release_date": "2021-09-22T00:00:00",
"last_revision_date": "2021-09-22T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-726",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Linux USN-5071-3 du 22 septembre 2021",
"url": "https://ubuntu.com/security/notices/USN-5071-3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Linux USN-5073-3 du 22 septembre 2021",
"url": "https://ubuntu.com/security/notices/USN-5073-3"
}
]
}
CERTFR-2021-AVI-695
Vulnerability from certfr_avis - Published: 2021-09-10 - Updated: 2021-09-10
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 21.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38207",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38207"
},
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2020-36311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36311"
},
{
"name": "CVE-2021-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38160"
},
{
"name": "CVE-2021-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3656"
},
{
"name": "CVE-2021-38198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38198"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-38200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38200"
},
{
"name": "CVE-2021-38206",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38206"
},
{
"name": "CVE-2021-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3612"
},
{
"name": "CVE-2021-3653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3653"
},
{
"name": "CVE-2020-26541",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26541"
}
],
"initial_release_date": "2021-09-10T00:00:00",
"last_revision_date": "2021-09-10T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-695",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5072-1 du 08 septembre 2021",
"url": "https://ubuntu.com/security/notices/USN-5072-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5073-1 du 09 septembre 2021",
"url": "https://ubuntu.com/security/notices/USN-5073-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5071-1 du 08 septembre 2021",
"url": "https://ubuntu.com/security/notices/USN-5071-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5070-1 du 08 septembre 2021",
"url": "https://ubuntu.com/security/notices/USN-5070-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5062-1 du 08 septembre 2021",
"url": "https://ubuntu.com/security/notices/USN-5062-1"
}
]
}
CERTFR-2021-AVI-553
Vulnerability from certfr_avis - Published: 2021-07-21 - Updated: 2021-07-21
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian et Debian LTS. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian 9 stretch versions ant\u00e9rieures \u00e0 4.9.272-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian 9 stretch versions ant\u00e9rieures \u00e0 4.19.194-3~deb9u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian buster versions ant\u00e9rieures \u00e0 4.19.194-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2020-36311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36311"
},
{
"name": "CVE-2021-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3609"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21781"
}
],
"initial_release_date": "2021-07-21T00:00:00",
"last_revision_date": "2021-07-21T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-553",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian et Debian LTS. Elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dla-2713-2 du 20 juillet 2021",
"url": "https://www.debian.org/lts/security/2021/dla-2713-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dla-2714 du 20 juillet 2021",
"url": "https://www.debian.org/lts/security/2021/dla-2714"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dla-2713 du 20 juillet 2021",
"url": "https://www.debian.org/lts/security/2021/dla-2713"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-4941 du 20 juillet 2021",
"url": "https://www.debian.org/security/2021/dsa-4941"
}
]
}
CERTFR-2021-AVI-535
Vulnerability from certfr_avis - Published: 2021-07-16 - Updated: 2021-07-16
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | N/A | SUSE MicroOS 5.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE MicroOS 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-26139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2021-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0605"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"name": "CVE-2021-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23133"
},
{
"name": "CVE-2019-25045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25045"
},
{
"name": "CVE-2020-24586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
},
{
"name": "CVE-2021-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
},
{
"name": "CVE-2020-36386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36386"
},
{
"name": "CVE-2021-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-33624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33624"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
}
],
"initial_release_date": "2021-07-16T00:00:00",
"last_revision_date": "2021-07-16T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-535",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212324-1 du 14 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212324-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212349-1 du 14 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212349-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212361-1 du 15 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212361-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212344-1 du 14 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212344-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212367-1 du 15 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212367-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212352-1 du 15 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212352-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212372-1 du 15 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212372-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212325-1 du 14 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212325-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212366-1 du 15 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212366-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212368-1 du 15 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212368-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212332-1 du 14 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212332-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212303-1 du 13 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212303-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-202114764-1 du 13 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114764-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20212321-1 du 14 juillet 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212321-1/"
}
]
}
CERTFR-2022-AVI-265
Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 21.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38208",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38208"
},
{
"name": "CVE-2021-20317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
},
{
"name": "CVE-2020-26139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26139"
},
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-34693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34693"
},
{
"name": "CVE-2020-25672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25672"
},
{
"name": "CVE-2021-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3679"
},
{
"name": "CVE-2021-3483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3483"
},
{
"name": "CVE-2021-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2021-45095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2021-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38160"
},
{
"name": "CVE-2018-5995",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5995"
},
{
"name": "CVE-2020-12655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12655"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2021-45402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45402"
},
{
"name": "CVE-2022-0264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0264"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2021-3506",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3506"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
},
{
"name": "CVE-2022-0516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0516"
},
{
"name": "CVE-2021-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0129"
},
{
"name": "CVE-2021-45480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45480"
},
{
"name": "CVE-2021-40490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40490"
},
{
"name": "CVE-2020-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25671"
},
{
"name": "CVE-2021-38198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38198"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-28688",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28688"
},
{
"name": "CVE-2021-45469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45469"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2021-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"name": "CVE-2021-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3612"
},
{
"name": "CVE-2016-2854",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2854"
},
{
"name": "CVE-2021-39698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39698"
},
{
"name": "CVE-2022-0382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0382"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2020-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25670"
},
{
"name": "CVE-2021-42008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42008"
},
{
"name": "CVE-2021-28972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28972"
},
{
"name": "CVE-2021-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23134"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-20292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20292"
},
{
"name": "CVE-2019-19449",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19449"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2016-2853",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2853"
},
{
"name": "CVE-2021-39648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39648"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
},
{
"name": "CVE-2020-25673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25673"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2022-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0742"
},
{
"name": "CVE-2021-43389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43389"
}
],
"initial_release_date": "2022-03-23T00:00:00",
"last_revision_date": "2022-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-265",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nUbuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Ubuntu USN-5343-1 du 22 mars 2022",
"url": "https://ubuntu.com/security/notices/USN-5343-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Ubuntu USN-5339-1 du 22 mars 2022",
"url": "https://ubuntu.com/security/notices/USN-5339-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Ubuntu USN-5338-1 du 22 mars 2022",
"url": "https://ubuntu.com/security/notices/USN-5338-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Ubuntu USN-5337-1 du 22 mars 2022",
"url": "https://ubuntu.com/security/notices/USN-5337-1"
}
]
}
CNVD-2021-43370
Vulnerability from cnvd - Published: 2021-06-19
VLAI Severity ?
Title
Linux kernel信息泄露漏洞(CNVD-2021-43370)
Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
Linux kernel存在安全漏洞,该漏洞允许本地用户从net/can/bcm.c中获取敏感信息,因为数据结构的某些部分是未初始化的。 目前没有详细的漏洞细节提供。
Severity
中
Patch Name
Linux kernel信息泄露漏洞(CNVD-2021-43370)的补丁
Patch Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
Linux kernel存在安全漏洞,该漏洞允许本地用户从net/can/bcm.c中获取敏感信息,因为数据结构的某些部分是未初始化的。目前没有详细的漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
Reference
https://access.redhat.com/security/cve/cve-2021-34693
Impacted products
| Name | Linux Linux kernel <5.10 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-34693"
}
},
"description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\n\nLinux kernel\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672c\u5730\u7528\u6237\u4ecenet/can/bcm.c\u4e2d\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u56e0\u4e3a\u6570\u636e\u7ed3\u6784\u7684\u67d0\u4e9b\u90e8\u5206\u662f\u672a\u521d\u59cb\u5316\u7684\u3002 \u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-43370",
"openTime": "2021-06-19",
"patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672c\u5730\u7528\u6237\u4ecenet/can/bcm.c\u4e2d\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u56e0\u4e3a\u6570\u636e\u7ed3\u6784\u7684\u67d0\u4e9b\u90e8\u5206\u662f\u672a\u521d\u59cb\u5316\u7684\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-43370\uff09\u7684\u8865\u4e01",
"products": {
"product": "Linux Linux kernel \u003c5.10"
},
"referenceLink": "https://access.redhat.com/security/cve/cve-2021-34693",
"serverity": "\u4e2d",
"submitTime": "2021-06-17",
"title": "Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-43370\uff09"
}
FKIE_CVE-2021-34693
Vulnerability from fkie_nvd - Published: 2021-06-14 22:15 - Updated: 2024-11-21 06:10
Severity ?
Summary
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/06/15/1 | Exploit, Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc | ||
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/ | ||
| cve@mitre.org | https://www.debian.org/security/2021/dsa-4941 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/06/15/1 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4941 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB436BB5-8E76-4DF6-893D-9C7F35431F39",
"versionEndIncluding": "5.12.10",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized."
},
{
"lang": "es",
"value": "El archivo net/can/bcm.c en el kernel de Linux versiones hasta 5.12.10, permite a usuarios locales obtener informaci\u00f3n confidencial de la memoria de la pila del kernel porque partes de una estructura de datos no est\u00e1n inicializadas"
}
],
"id": "CVE-2021-34693",
"lastModified": "2024-11-21T06:10:57.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-14T22:15:20.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/15/1"
},
{
"source": "cve@mitre.org",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
},
{
"source": "cve@mitre.org",
"url": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4941"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-909"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2021-34693
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-34693",
"description": "net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.",
"id": "GSD-2021-34693",
"references": [
"https://www.suse.com/security/cve/CVE-2021-34693.html",
"https://www.debian.org/security/2021/dsa-4941",
"https://ubuntu.com/security/CVE-2021-34693",
"https://advisories.mageia.org/CVE-2021-34693.html",
"https://security.archlinux.org/CVE-2021-34693",
"https://linux.oracle.com/cve/CVE-2021-34693.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-34693"
],
"details": "net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.",
"id": "GSD-2021-34693",
"modified": "2023-12-13T01:23:14.267066Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-34693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/",
"refsource": "MISC",
"url": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/"
},
{
"name": "[oss-security] 20210615 CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/06/15/1"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
},
{
"name": "DSA-4941",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4941"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB436BB5-8E76-4DF6-893D-9C7F35431F39",
"versionEndIncluding": "5.12.10",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized."
},
{
"lang": "es",
"value": "El archivo net/can/bcm.c en el kernel de Linux versiones hasta 5.12.10, permite a usuarios locales obtener informaci\u00f3n confidencial de la memoria de la pila del kernel porque partes de una estructura de datos no est\u00e1n inicializadas"
}
],
"id": "CVE-2021-34693",
"lastModified": "2024-03-25T01:15:51.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-14T22:15:20.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/15/1"
},
{
"source": "cve@mitre.org",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
},
{
"source": "cve@mitre.org",
"url": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4941"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-909"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
CVE-2021-34693
Vulnerability from fstec - Published: 13.06.2021
VLAI Severity ?
Title
Уязвимость компонента net/can/bcm.c ядра операционной системы Linux, позволяющая нарушителю прочитать часть памяти ядра
Description
Уязвимость компонента net/can/bcm.c ядра операционной системы Linux существует из-за отсутствия инициализации определённой структуры данных. Эксплуатация уязвимости может позволить нарушителю прочитать часть памяти ядра
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, Canonical Ltd., ООО «РусБИТех-Астра», Novell Inc., АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Linux
Software Version
6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 15.2 (OpenSUSE Leap), 21.04 (Ubuntu), 16.04 ESM (Ubuntu), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), до 2.4 (ОСОН ОСнова Оnyx), от 4.0 до 4.4.273 включительно (Linux), от 4.5 до 4.9.273 включительно (Linux), от 4.10 до 4.14.237 включительно (Linux), от 4.15 до 4.19.195 включительно (Linux), от 5.11 до 5.12.12 включительно (Linux), от 4.20 до 5.4.127 включительно (Linux), от 5.5 до 5.10.45 включительно (Linux)
Possible Mitigations
Использование рекомендаций
Для Linux:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc
https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.238
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.274
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.274
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.128
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2021-34693
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34693.xml
Для Ubuntu
https://ubuntu.com/security/CVE-2021-34693
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2021-34693
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Для ОСОН Основа:
Обновление программного обеспечения linux до версии 5.14.9-2.osnova179.1
Reference
http://www.openwall.com/lists/oss-security/2021/06/15/1
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34693.xml
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34693
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc
https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.238
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.274
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.274
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.128
https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html
https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/
https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
https://security-tracker.debian.org/tracker/CVE-2021-34693
https://ubuntu.com/security/CVE-2021-34693
https://ubuntu.com/security/notices/USN-5045-1
https://ubuntu.com/security/notices/USN-5070-1
https://ubuntu.com/security/notices/USN-5073-1
https://ubuntu.com/security/notices/USN-5073-2
https://ubuntu.com/security/notices/USN-5073-3
https://ubuntu.com/security/notices/USN-5299-1
https://ubuntu.com/security/notices/USN-5343-1
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://www.cve.org/CVERecord?id=CVE-2021-34693
https://www.debian.org/security/2021/dsa-4941
https://www.openwall.com/lists/oss-security/2021/06/15/1
https://www.suse.com/security/cve/CVE-2021-34693
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4/
CWE
CWE-909
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 15.2 (OpenSUSE Leap), 21.04 (Ubuntu), 16.04 ESM (Ubuntu), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), \u0434\u043e 2.4 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 4.0 \u0434\u043e 4.4.273 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.273 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.237 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.195 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.12.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.127 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.45 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc\nhttps://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.238\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.274\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.274\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.128\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-34693\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34693.xml\n\n\u0414\u043b\u044f Ubuntu\nhttps://ubuntu.com/security/CVE-2021-34693\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-34693\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.14.9-2.osnova179.1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.09.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-04826",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-34693",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Novell Inc. OpenSUSE Leap 15.2 , Canonical Ltd. Ubuntu 21.04 , Canonical Ltd. Ubuntu 16.04 ESM , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 5.12.13 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 net/can/bcm.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0447\u0430\u0441\u0442\u044c \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (CWE-909)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 net/can/bcm.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0447\u0430\u0441\u0442\u044c \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.openwall.com/lists/oss-security/2021/06/15/1\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34693.xml\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34693\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc\nhttps://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.238\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.274\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.274\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.128\nhttps://lists.debian.org/debian-lts-announce/2021/07/msg00014.html\nhttps://lists.debian.org/debian-lts-announce/2021/07/msg00015.html\nhttps://lists.debian.org/debian-lts-announce/2021/07/msg00016.html\nhttps://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/\nhttps://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/\nhttps://security-tracker.debian.org/tracker/CVE-2021-34693\nhttps://ubuntu.com/security/CVE-2021-34693\nhttps://ubuntu.com/security/notices/USN-5045-1\nhttps://ubuntu.com/security/notices/USN-5070-1\nhttps://ubuntu.com/security/notices/USN-5073-1\nhttps://ubuntu.com/security/notices/USN-5073-2\nhttps://ubuntu.com/security/notices/USN-5073-3\nhttps://ubuntu.com/security/notices/USN-5299-1\nhttps://ubuntu.com/security/notices/USN-5343-1\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://www.cve.org/CVERecord?id=CVE-2021-34693\nhttps://www.debian.org/security/2021/dsa-4941\nhttps://www.openwall.com/lists/oss-security/2021/06/15/1\nhttps://www.suse.com/security/cve/CVE-2021-34693\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-909",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}
GHSA-C44H-4G88-MW48
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2024-03-25 03:31
VLAI?
Details
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-34693"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-14T22:15:00Z",
"severity": "MODERATE"
},
"details": "net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.",
"id": "GHSA-c44h-4g88-mw48",
"modified": "2024-03-25T03:31:42Z",
"published": "2022-05-24T19:05:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34693"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4941"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/15/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…