---

Log

AVG-1513 created at 01 Feb 2021 08:41:16
Packages	+ linux-hardened
Issues	+ CVE-2021-3348
Status	+ Vulnerable
Severity	+ Medium
Affected	+ 5.10.12.hardened1-1
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

AVG-1512 edited at 01 Feb 2021 08:40:56
Severity	- Unknown + Medium

CVE-2021-3348 edited at 01 Feb 2021 08:40:56
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
References	+ https://www.openwall.com/lists/oss-security/2021/01/28/3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b98e762e3d71e893b221f871825dc64694cfb258
Notes

AVG-1512 created at 01 Feb 2021 08:39:58
Packages	+ linux
Issues	+ CVE-2021-3348
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 5.10.12.arch1-1
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-3348 created at 01 Feb 2021 08:39:58

AVG-1370 edited at 31 Jan 2021 13:46:32
Affected	- 1.5.0-1 + 1.5.1-1

AVG-1509 edited at 31 Jan 2021 11:39:54
Status	- Testing + Fixed

AVG-1508 edited at 31 Jan 2021 10:38:56
Status	- Vulnerable + Testing
Fixed	+ 5.10.12.zen1-1

AVG-1506 edited at 31 Jan 2021 10:38:48
Status	- Vulnerable + Testing
Fixed	+ 5.10.12.arch1-1

AVG-1509 edited at 30 Jan 2021 20:12:00
Status	- Vulnerable + Testing
Fixed	+ 5.4.94-1

AVG-1507 edited at 30 Jan 2021 20:11:30
Status	- Vulnerable + Fixed
Fixed	+ 5.10.12.hardened1-1

CVE-2020-29652 edited at 30 Jan 2021 20:09:44
References	https://groups.google.com/g/golang-announce/c/ouZIlBimOsE https://go-review.googlesource.com/c/crypto/+/278852 - https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8%5E%21/#F0 + https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8%5E!