AVG-1741 log

Package linux-lts
Status Vulnerable
Severity Medium
Type multiple issues
Affected 5.10.45-1
Fixed Unknown
Current 5.10.45-1 [core]
Ticket Create
Created Sat Mar 27 11:42:19 2021
Issue Severity Remote Type Description
CVE-2021-34693 Medium No Information disclosure
net/can/bcm.c in the Linux kernel allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-33624 Medium No Information disclosure
The Linux kernel BPF subsystem's protection against speculative execution attacks (Spectre mitigation) can be bypassed. On affected systems, an unprivileged...
CVE-2021-30178 Low No Denial of service
An issue was discovered in the Linux kernel. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V...
CVE-2021-29648 Low No Denial of service
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are...
CVE-2021-22543 Medium No Privilege escalation
An issue was discovered in the Linux KVM· through Improper handling of VM_IO|VM_PFNMAP, vmas in KVM can bypass RO checks and can lead to pages being freed...
CVE-2021-3609 Medium No Privilege escalation
A race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. The CAN BCM networking protocol allows to register a...
CVE-2021-3564 Medium No Arbitrary code execution
A security issue has been found in Bluetooth subsystem of the Linux kernel. HCI device initialization failure can lead to unexpected results, like...
CVE-2021-3542 Medium No Privilege escalation
A heap-based buffer overflow security issue was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw...
CVE-2020-26560 Medium Yes Authentication bypass
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a...
CVE-2020-26559 Medium Yes Private key recovery
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify...
CVE-2020-26557 Medium Yes Private key recovery
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning...
CVE-2020-26556 Medium Yes Private key recovery
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an...
CVE-2020-26555 Medium Yes Authentication bypass
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR...