CVE-2021-20269 - log

CVE-2021-20269 edited at 11 Mar 2021 18:25:44
References
https://www.openwall.com/lists/oss-security/2021/03/11/2
https://bugzilla.redhat.com/show_bug.cgi?id=1934261
+ https://access.redhat.com/security/cve/CVE-2021-20269
CVE-2021-20269 edited at 11 Mar 2021 07:57:00
Description
- A security issue was found in kexec-tools where vmcore-dmesg.txt extracted from the vmcore of a previous kernel panic was created with incorrect permissions. It is possible that this could be used to leak kernel internal information from a previous execution if it was output to the ring buffer or part of the panic backtrace. An unprivileged user with a local account can use this to extract kernel internal information resulting in an information leak.
+ A security issue was found in kexec-tools where vmcore-dmesg.txt extracted from the vmcore of a previous kernel panic is created world-readable. It is possible that this could be used to leak kernel internal information from a previous execution if it was output to the ring buffer or part of the panic backtrace. An unprivileged user with a local account can use this to extract kernel internal information resulting in an information leak.
References
+ https://www.openwall.com/lists/oss-security/2021/03/11/2
https://bugzilla.redhat.com/show_bug.cgi?id=1934261
CVE-2021-20269 edited at 11 Mar 2021 07:54:32
Description
- A security issue was found in the Linux kernel. When there is a crash on the system, kdump generates the dmesg file with incorrect permissions.
+ A security issue was found in kexec-tools where vmcore-dmesg.txt extracted from the vmcore of a previous kernel panic was created with incorrect permissions. It is possible that this could be used to leak kernel internal information from a previous execution if it was output to the ring buffer or part of the panic backtrace. An unprivileged user with a local account can use this to extract kernel internal information resulting in an information leak.
CVE-2021-20269 edited at 09 Mar 2021 09:32:41
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in the Linux kernel. When there is a crash on the system, kdump generates the dmesg file with incorrect permissions.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1934261
CVE-2021-20269 created at 09 Mar 2021 09:31:49
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes