var-202012-1546
Vulnerability from variot
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Linux Kernel contains a resource locking vulnerability and a freed memory usage vulnerability. Vendors must CID-54ffccbf053b It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 7.4) - noarch, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:0856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0856 Issue date: 2021-03-16 CVE Names: CVE-2019-19532 CVE-2020-0427 CVE-2020-7053 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2021-20265 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)
-
kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)
-
kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)
-
kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)
-
kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
-
kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)
-
kernel: performance counters race condition use-after-free (CVE-2020-14351)
-
kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)
-
kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)
-
kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)
-
kernel: increase slab leak leads to DoS (CVE-2021-20265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
BUG: scheduling while atomic: memory allocation under spinlock in scsi_register_device_handler() (BZ#1619147)
-
WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540)
-
lpfc does not issue adisc to fcp-2 devices, does not respond to nvme targer that send an adisc. (BZ#1875961)
-
Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264)
-
[RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue race (BZ#1889372)
-
Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669)
-
RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172)
-
Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK (BZ#1901064)
-
writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers kernel panic (BZ#1903819)
-
[Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1908896)
-
kvm-rhel7.9 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1909036)
-
kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2 (BZ#1910817)
-
dm-mirror crashes from assuming underlying storage will have a non-NULL merge_bvec_fn (BZ#1916407)
-
watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589)
-
[DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL 7.9 on system with AMD Rome CPUs (BZ#1918273)
-
[DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected with Gen 4 NVMe drives. (BZ#1921187)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1781821 - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write 1795624 - CVE-2020-7053 kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c 1883988 - CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints 1888726 - CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl 1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack 1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore 1901064 - Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK 1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free 1908827 - CVE-2021-20265 kernel: increase slab leak leads to DoS 1916589 - watchdog: use nmi registers snapshot in hardlockup handler 1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
ppc64: bpftool-3.10.0-1160.21.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.ppc64.rpm perf-3.10.0-1160.21.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm
ppc64le: bpftool-3.10.0-1160.21.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.ppc64le.rpm perf-3.10.0-1160.21.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm
s390x: bpftool-3.10.0-1160.21.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.21.1.el7.s390x.rpm kernel-devel-3.10.0-1160.21.1.el7.s390x.rpm kernel-headers-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.21.1.el7.s390x.rpm perf-3.10.0-1160.21.1.el7.s390x.rpm perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm python-perf-3.10.0-1160.21.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm
ppc64le: bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-19532 https://access.redhat.com/security/cve/CVE-2020-0427 https://access.redhat.com/security/cve/CVE-2020-7053 https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25645 https://access.redhat.com/security/cve/CVE-2020-25656 https://access.redhat.com/security/cve/CVE-2020-25705 https://access.redhat.com/security/cve/CVE-2020-28374 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/cve/CVE-2021-20265 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYFC579zjgjWX9erEAQirxQ/9FKZDGdDIPfGpiOwbkmMoqySgNxALO02Q mSTFgrFP/TM4sHCZxPhyuL1rbgPTVnrPKE8M/fTA2EzRQiMZud+vSy4Dvf/WwBXQ 1dStOQIJNmVohUXCRed043xJtfZxyLtteFoxhVjlVU2Eia1+f7d9t42vWQAXhtVB SuEDmitq+9dvv9S48bDJkZtSUkBvZTY9zCtjx6neqypg0j4KKwrYgr+Ui+VF3yJk xRtkw5SVhRiSFv8lBGKSkbIX9AqaoTi25HQPZ1rxB43Rjw0dxNZzlwC5LAs4LQUD mCRHZQcDaKCWmDC+bCy3g5sfETvblJfKiBF61mEOo0nTnPwyOalEciwG0bBcyrnu Bupt4OsM71s/KSK5IUA0jv6vVUy4fLL/5IfAz63XAdZD/ZMQq+hlPiB0e+8QmNDP o7rKWut+BEgqHrgtur7SNPzUIWCj7OVIZUO+7+dEMLKkIUlRQJKYudm3JUbF1M/c 9pc6DyR2pxjvbW+0pIAln+nawSt3OvCIEnwCewJuX0R/Pie09hRp/sh2xfItDcHj mYcpCz75VnMeV4tMm2JXn9HXQOqkAx/LPYtBh8ZNui6G+O3NRyTSOv4ouiT12e5r UfBBYb2KtK6VViAy83150q+qkws8nPykpeRkBukYZELtGQjpiMBwlaVTq809GShi 65tXPtffy4k= =OXZI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 6 ELS) - i386, s390x, x86_64
Bug Fix(es):
-
Enable CI and changelog for GitLab workflow (BZ#1930523)
-
Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 2.6.0 images:
RHEL-8-CNV-2.6 =============kubevirt-cpu-node-labeller-container-v2.6.0-5 kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5 node-maintenance-operator-container-v2.6.0-13 kubevirt-vmware-container-v2.6.0-5 virtio-win-container-v2.6.0-5 kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5 bridge-marker-container-v2.6.0-9 kubevirt-template-validator-container-v2.6.0-9 kubevirt-v2v-conversion-container-v2.6.0-6 kubemacpool-container-v2.6.0-13 kubevirt-ssp-operator-container-v2.6.0-40 hyperconverged-cluster-webhook-container-v2.6.0-73 hyperconverged-cluster-operator-container-v2.6.0-73 ovs-cni-plugin-container-v2.6.0-10 cnv-containernetworking-plugins-container-v2.6.0-10 ovs-cni-marker-container-v2.6.0-10 cluster-network-addons-operator-container-v2.6.0-16 hostpath-provisioner-container-v2.6.0-11 hostpath-provisioner-operator-container-v2.6.0-14 vm-import-virtv2v-container-v2.6.0-21 kubernetes-nmstate-handler-container-v2.6.0-19 vm-import-controller-container-v2.6.0-21 vm-import-operator-container-v2.6.0-21 virt-api-container-v2.6.0-111 virt-controller-container-v2.6.0-111 virt-handler-container-v2.6.0-111 virt-operator-container-v2.6.0-111 virt-launcher-container-v2.6.0-111 cnv-must-gather-container-v2.6.0-54 virt-cdi-importer-container-v2.6.0-24 virt-cdi-cloner-container-v2.6.0-24 virt-cdi-controller-container-v2.6.0-24 virt-cdi-uploadserver-container-v2.6.0-24 virt-cdi-apiserver-container-v2.6.0-24 virt-cdi-uploadproxy-container-v2.6.0-24 virt-cdi-operator-container-v2.6.0-24 hco-bundle-registry-container-v2.6.0-582
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
-
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
-
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
-
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
-
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
-
containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1732329 - Virtual Machine is missing documentation of its properties in yaml editor
1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv
1791753 - [RFE] [SSP] Template validator should check validations in template's parent template
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration
1848956 - KMP requires downtime for CA stabilization during certificate rotation
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1853911 - VM with dot in network name fails to start with unclear message
1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show"
1856347 - SR-IOV : Missing network name for sriov during vm setup
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination
1860714 - No API information from oc explain
1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints
1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem
1866593 - CDI is not handling vm disk clone
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868817 - Container-native Virtualization 2.6.0 Images
1873771 - Improve the VMCreationFailed error message caused by VM low memory
1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it
1878499 - DV import doesn't recover from scratch space PVC deletion
1879108 - Inconsistent naming of "oc virt" command in help text
1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running
1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message
1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used
1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied
1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request.
1891285 - Common templates and kubevirt-config cm - update machine-type
1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error
1892227 - [SSP] cluster scoped resources are not being reconciled
1893278 - openshift-virtualization-os-images namespace not seen by user
1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza
1894428 - Message for VMI not migratable is not clear enough
1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium
1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import
1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1898072 - Add Fedora33 to Fedora common templates
1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail
1899558 - CNV 2.6 - nmstate fails to set state
1901480 - VM disk io can't worked if namespace have label kubemacpool
1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1903014 - hco-webhook pod in CreateContainerError
1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode
1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default"
1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers
1907151 - kubevirt version is not reported correctly via virtctl
1907352 - VM/VMI link changes to kubevirt.io~v1~VirtualMachineInstance on CNV 2.6
1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume
1907988 - VM loses dynamic IP address of its default interface after migration
1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity
1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error
1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO
1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-')
1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface
1911662 - el6 guests don't work properly if virtio bus is specified on various devices
1912908 - Allow using "scsi" bus for disks in template validation
1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails
1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user
1913717 - Users should have read permitions for golden images data volumes
1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes
1914177 - CNV does not preallocate blank file data volumes
1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes
1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer
1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block
1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored
1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration
1920576 - HCO can report ready=true when it failed to create a CR for a component operator
1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool
1927373 - NoExecute taint violates pdb; VMIs are not live migrated
1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade
-
8.2) - ppc64le, x86_64
-
Description:
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. 7) - aarch64, noarch, ppc64le
-
8.2) - aarch64, noarch, ppc64le, s390x, x86_64
-
(BZ#1919886)
-
[CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap (BZ#1929909)
-
rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929911)
Enhancement(s):
-
[Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892345)
-
Add kernel option to change cpumask for kernel threads (BZ#1915344)
-
Linux kernel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary
Several security issues were fixed in the kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2021-3444)
kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)
Update instructions
The problem can be corrected by updating your kernel livepatch to the following versions:
Ubuntu 20.04 LTS gcp - 82.2 generic - 82.2 gke - 82.2 gkeop - 82.2 lowlatency - 82.2
Ubuntu 18.04 LTS generic - 82.1 generic - 82.2 gke - 82.1 gke - 82.2 gkeop - 82.2 lowlatency - 82.1 lowlatency - 82.2 oem - 82.1 oem - 82.2
Ubuntu 16.04 ESM generic - 82.1 generic - 82.2 lowlatency - 82.1 lowlatency - 82.2
Support Information
Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible.
Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26
Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-azure-4.15 - 4.15.0-1115 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-oem - 4.15.0-1063 linux - 4.15.0-69
Ubuntu 16.04 ESM linux-aws - 4.4.0-1098 linux-azure - 4.15.0-1063 linux-hwe - 4.15.0-69 linux - 4.4.0-168
Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168
References
- CVE-2020-29660
- CVE-2020-29661
- CVE-2021-3444
- CVE-2021-3715
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1546",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.5"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.248"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "8300",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "2.6.26"
},
{
"model": "a400",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.5"
},
{
"model": "a700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tekelec platform distribution",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.248"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
},
{
"model": "tekelec platform distribution",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.1"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.212"
},
{
"model": "8700",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.9.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.163"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.83"
},
{
"model": "kernel",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
}
],
"trust": 0.8
},
"cve": "CVE-2020-29661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29661",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-29661",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-29661",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29661",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-29661",
"trust": 0.8,
"value": "High"
},
{
"author": "VULMON",
"id": "CVE-2020-29661",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Linux Kernel contains a resource locking vulnerability and a freed memory usage vulnerability. Vendors must CID-54ffccbf053b It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 7.4) - noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2021:0856-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0856\nIssue date: 2021-03-16\nCVE Names: CVE-2019-19532 CVE-2020-0427 CVE-2020-7053 \n CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 \n CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 \n CVE-2020-29661 CVE-2021-20265 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in\nnet/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n* kernel: SCSI target (LIO) write to any block on ILO backstore\n(CVE-2020-28374)\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an\nuse-after-free (CVE-2020-29661)\n\n* kernel: malicious USB devices can lead to multiple out-of-bounds write\n(CVE-2019-19532)\n\n* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n* kernel: use-after-free in i915_ppgtt_close in\ndrivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n* kernel: performance counters race condition use-after-free\n(CVE-2020-14351)\n\n* kernel: Geneve/IPsec traffic may be unencrypted between two Geneve\nendpoints (CVE-2020-25645)\n\n* kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n* kernel: ICMP rate limiting can be used for DNS poisoning attack\n(CVE-2020-25705)\n\n* kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* BUG: scheduling while atomic: memory allocation under spinlock in\nscsi_register_device_handler() (BZ#1619147)\n\n* WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540)\n\n* lpfc does not issue adisc to fcp-2 devices, does not respond to nvme\ntarger that send an adisc. (BZ#1875961)\n\n* Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264)\n\n* [RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue\nrace (BZ#1889372)\n\n* Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669)\n\n* RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172)\n\n* Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 \u0027i40e: don\u0027t report link\nup for a VF who hasn\u0027t enabled queues\u0027 introducing issues with VM using\nDPDK (BZ#1901064)\n\n* writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers\nkernel panic (BZ#1903819)\n\n* [Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the\nVRAM Edit (BZ#1908896)\n\n* kvm-rhel7.9 [AMD] - system crash observed while powering on virtual\nmachine with attached VF interfaces. (BZ#1909036)\n\n* kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2\n(BZ#1910817)\n\n* dm-mirror crashes from assuming underlying storage will have a non-NULL\nmerge_bvec_fn (BZ#1916407)\n\n* watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589)\n\n* [DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL\n7.9 on system with AMD Rome CPUs (BZ#1918273)\n\n* [DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected\nwith Gen 4 NVMe drives. (BZ#1921187)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1781821 - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write\n1795624 - CVE-2020-7053 kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c\n1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free\n1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n1883988 - CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints\n1888726 - CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl\n1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack\n1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore\n1901064 - Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 \u0027i40e: don\u0027t report link up for a VF who hasn\u0027t enabled queues\u0027 introducing issues with VM using DPDK\n1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free\n1908827 - CVE-2021-20265 kernel: increase slab leak leads to DoS\n1916589 - watchdog: use nmi registers snapshot in hardlockup handler\n1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem. \n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nppc64:\nbpftool-3.10.0-1160.21.1.el7.ppc64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-3.10.0-1160.21.1.el7.ppc64le.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-headers-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\n\ns390x:\nbpftool-3.10.0-1160.21.1.el7.s390x.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-devel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-headers-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-1160.21.1.el7.s390x.rpm\nperf-3.10.0-1160.21.1.el7.s390x.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\npython-perf-3.10.0-1160.21.1.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-19532\nhttps://access.redhat.com/security/cve/CVE-2020-0427\nhttps://access.redhat.com/security/cve/CVE-2020-7053\nhttps://access.redhat.com/security/cve/CVE-2020-14351\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25645\nhttps://access.redhat.com/security/cve/CVE-2020-25656\nhttps://access.redhat.com/security/cve/CVE-2020-25705\nhttps://access.redhat.com/security/cve/CVE-2020-28374\nhttps://access.redhat.com/security/cve/CVE-2020-29661\nhttps://access.redhat.com/security/cve/CVE-2021-20265\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFC579zjgjWX9erEAQirxQ/9FKZDGdDIPfGpiOwbkmMoqySgNxALO02Q\nmSTFgrFP/TM4sHCZxPhyuL1rbgPTVnrPKE8M/fTA2EzRQiMZud+vSy4Dvf/WwBXQ\n1dStOQIJNmVohUXCRed043xJtfZxyLtteFoxhVjlVU2Eia1+f7d9t42vWQAXhtVB\nSuEDmitq+9dvv9S48bDJkZtSUkBvZTY9zCtjx6neqypg0j4KKwrYgr+Ui+VF3yJk\nxRtkw5SVhRiSFv8lBGKSkbIX9AqaoTi25HQPZ1rxB43Rjw0dxNZzlwC5LAs4LQUD\nmCRHZQcDaKCWmDC+bCy3g5sfETvblJfKiBF61mEOo0nTnPwyOalEciwG0bBcyrnu\nBupt4OsM71s/KSK5IUA0jv6vVUy4fLL/5IfAz63XAdZD/ZMQq+hlPiB0e+8QmNDP\no7rKWut+BEgqHrgtur7SNPzUIWCj7OVIZUO+7+dEMLKkIUlRQJKYudm3JUbF1M/c\n9pc6DyR2pxjvbW+0pIAln+nawSt3OvCIEnwCewJuX0R/Pie09hRp/sh2xfItDcHj\nmYcpCz75VnMeV4tMm2JXn9HXQOqkAx/LPYtBh8ZNui6G+O3NRyTSOv4ouiT12e5r\nUfBBYb2KtK6VViAy83150q+qkws8nPykpeRkBukYZELtGQjpiMBwlaVTq809GShi\n65tXPtffy4k=\n=OXZI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 6 ELS) - i386, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* Enable CI and changelog for GitLab workflow (BZ#1930523)\n\n4. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n=============kubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can\nlead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes\nfrom invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI\nconfiguration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration\n1848956 - KMP requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. \n1891285 - Common templates and kubevirt-config cm - update machine-type\n1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error\n1892227 - [SSP] cluster scoped resources are not being reconciled\n1893278 - openshift-virtualization-os-images namespace not seen by user\n1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza\n1894428 - Message for VMI not migratable is not clear enough\n1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium\n1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import\n1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1898072 - Add Fedora33 to Fedora common templates\n1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail\n1899558 - CNV 2.6 - nmstate fails to set state\n1901480 - VM disk io can\u0027t worked if namespace have label kubemacpool\n1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1903014 - hco-webhook pod in CreateContainerError\n1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode\n1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT \"default\"\n1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers\n1907151 - kubevirt version is not reported correctly via virtctl\n1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6\n1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused \"Internal error occurred\" for creating datavolume\n1907988 - VM loses dynamic IP address of its default interface after migration\n1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity\n1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on \"qemu-img: /data/disk.img\" error\n1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO\n1911118 - Windows VMI LiveMigration / shutdown fails on \u0027XML error: non unique alias detected: ua-\u0027)\n1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface\n1911662 - el6 guests don\u0027t work properly if virtio bus is specified on various devices\n1912908 - Allow using \"scsi\" bus for disks in template validation\n1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails\n1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user\n1913717 - Users should have read permitions for golden images data volumes\n1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes\n1914177 - CNV does not preallocate blank file data volumes\n1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes\n1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer\n1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block\n1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored\n1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration\n1920576 - HCO can report ready=true when it failed to create a CR for a component operator\n1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool\n1927373 - NoExecute taint violates pdb; VMIs are not live migrated\n1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4-\u003eCNV-2.6.0 upgrade\n\n5. 8.2) - ppc64le, x86_64\n\n3. Description:\n\nThis is a kernel live patch module which is automatically loaded by the RPM\npost-install script to modify the code of a running kernel. 7) - aarch64, noarch, ppc64le\n\n3. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. (BZ#1919886)\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap\n(BZ#1929909)\n\n* rpmbuild cannot build the userspace RPMs in the kernel package when the\nkernel itself is not built (BZ#1929911)\n\nEnhancement(s):\n\n* [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start\n(BZ#1892345)\n\n* Add kernel option to change cpumask for kernel threads (BZ#1915344)\n\n4. Linux kernel vulnerabilities\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n\nSummary\n\nSeveral security issues were fixed in the kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly expose sensitive information (kernel\nmemory). A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. \n(CVE-2020-29661)\n\nDe4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux\nkernel did not properly handle mod32 destination register truncation\nwhen the source register was known to be 0. A local attacker could use\nthis to expose sensitive information (kernel memory) or possibly execute\narbitrary code. (CVE-2021-3444)\n\nkernel: use-after-free in route4_change() in net/sched/cls_route.c \n(CVE-2021-3715)\n\nUpdate instructions\n\nThe problem can be corrected by updating your kernel livepatch to the\nfollowing versions:\n\nUbuntu 20.04 LTS\n gcp - 82.2\n generic - 82.2\n gke - 82.2\n gkeop - 82.2\n lowlatency - 82.2\n\nUbuntu 18.04 LTS\n generic - 82.1\n generic - 82.2\n gke - 82.1\n gke - 82.2\n gkeop - 82.2\n lowlatency - 82.1\n lowlatency - 82.2\n oem - 82.1\n oem - 82.2\n\nUbuntu 16.04 ESM\n generic - 82.1\n generic - 82.2\n lowlatency - 82.1\n lowlatency - 82.2\n\nSupport Information\n\nKernels older than the levels listed below do not receive livepatch\nupdates. If you are running a kernel version earlier than the one listed\nbelow, please upgrade your kernel as soon as possible. \n\nUbuntu 20.04 LTS\n linux-aws - 5.4.0-1009\n linux-azure - 5.4.0-1010\n linux-gcp - 5.4.0-1009\n linux-gke - 5.4.0-1033\n linux-gkeop - 5.4.0-1009\n linux-oem - 5.4.0-26\n linux - 5.4.0-26\n\nUbuntu 18.04 LTS\n linux-aws - 4.15.0-1054\n linux-azure-4.15 - 4.15.0-1115\n linux-gke-4.15 - 4.15.0-1076\n linux-gke-5.4 - 5.4.0-1009\n linux-gkeop-5.4 - 5.4.0-1007\n linux-hwe-5.4 - 5.4.0-26\n linux-oem - 4.15.0-1063\n linux - 4.15.0-69\n\nUbuntu 16.04 ESM\n linux-aws - 4.4.0-1098\n linux-azure - 4.15.0-1063\n linux-hwe - 4.15.0-69\n linux - 4.4.0-168\n\nUbuntu 14.04 ESM\n linux-lts-xenial - 4.4.0-168\n\nReferences\n\n- CVE-2020-29660\n- CVE-2020-29661\n- CVE-2021-3444\n- CVE-2021-3715\n\n\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "PACKETSTORM",
"id": "164950"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29661",
"trust": 3.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/12/10/1",
"trust": 1.9
},
{
"db": "PACKETSTORM",
"id": "164950",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "160681",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-074-07",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93656033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2020-29661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161609",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162253",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161250",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161720",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "PACKETSTORM",
"id": "164950"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"id": "VAR-202012-1546",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-11-29T21:01:32.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fix\u00a0-\u003epgrp\u00a0locking\u00a0in\u00a0tiocspgrp()",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210537 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-alt security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210354 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210558 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-29661 log"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-032",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-032"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-031",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-031"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-034",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-034"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-033",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-033"
},
{
"title": "IBM: Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d39f316392b1adf4ca22f6ef041af00f"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1477",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1477"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.4-2022-019"
},
{
"title": "Debian Security Advisories: DSA-4843-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b95030247235becf9e017bec31e9d503"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1588",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1588"
},
{
"title": "IBM: Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e9d6f12dfd14652e2bb7e5c28ded162b"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "https://github.com/lcatro/cve_diff_checker",
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-667",
"trust": 1.0
},
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " improper lock (CWE-667) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
},
{
"trust": 1.1,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/160681/linux-tiocspgrp-broken-locking.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/164950/kernel-live-patch-security-notice-lsn-0082-1.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mz7oakaefaxqrgbzk4lyuwincd3d2xcl/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bob25su6xul4tnp7kb63wnzsytiyfdpp/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93656033/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25211"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-0444"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19532"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20265"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20265"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alaslivepatch-2021-032.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2164"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1288"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25683"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25682"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0763"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0765"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29660"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3444"
},
{
"trust": 0.1,
"url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "PACKETSTORM",
"id": "164950"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "PACKETSTORM",
"id": "164950"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"date": "2021-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"date": "2021-06-01T14:45:52",
"db": "PACKETSTORM",
"id": "162878"
},
{
"date": "2021-03-17T14:14:38",
"db": "PACKETSTORM",
"id": "161826"
},
{
"date": "2021-03-02T16:26:19",
"db": "PACKETSTORM",
"id": "161609"
},
{
"date": "2021-04-20T16:31:47",
"db": "PACKETSTORM",
"id": "162253"
},
{
"date": "2021-03-10T16:02:43",
"db": "PACKETSTORM",
"id": "161742"
},
{
"date": "2021-03-09T15:57:57",
"db": "PACKETSTORM",
"id": "161710"
},
{
"date": "2021-02-02T16:11:22",
"db": "PACKETSTORM",
"id": "161250"
},
{
"date": "2021-03-09T16:10:13",
"db": "PACKETSTORM",
"id": "161720"
},
{
"date": "2021-11-12T17:07:48",
"db": "PACKETSTORM",
"id": "164950"
},
{
"date": "2020-12-09T17:15:31.807000",
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"date": "2024-03-22T07:18:00",
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"date": "2024-11-21T05:24:23.040000",
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "164950"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 resource locking vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161720"
}
],
"trust": 0.5
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.