Log

CVE-2021-38204 edited at 09 Aug 2021 07:38:48
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.6&id=d4179cdb769a651f2ae89c325612a69bf6fbdf70
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.54&id=7af54a4e221e5619a87714567e2258445dc35435
AVG-2232 edited at 09 Aug 2021 07:37:12
Issues
CVE-2021-3679
CVE-2021-37159
+ CVE-2021-38204
CVE-2021-38204 created at 09 Aug 2021 07:37:12
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-1880 edited at 08 Aug 2021 14:46:27
Affected
- 5.13.8.zen2-1
+ 5.13.9.zen1-1
AVG-1879 edited at 08 Aug 2021 14:46:18
Affected
- 5.13.8.arch1-1
+ 5.13.9.arch1-1
AVG-1594 edited at 08 Aug 2021 14:46:09
Affected
- 5.13.8.arch1-1
+ 5.13.9.arch1-1
CVE-2021-38166 edited at 08 Aug 2021 14:45:59
Description
- In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
+ In kernel/bpf/hashtab.c in the Linux kernel, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
AVG-2263 edited at 08 Aug 2021 07:55:30
Severity
- Unknown
+ Medium
CVE-2021-29922 edited at 08 Aug 2021 07:55:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
References
+ https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
+ https://github.com/rust-lang/rust/issues/83648
+ https://github.com/rust-lang/rust/pull/83652
+ https://github.com/rust-lang/rust/commit/974192cd98b3efca8e5cd293f641f561e7487b30
Notes
AVG-2263 created at 08 Aug 2021 07:51:22
Packages
+ rust
Issues
+ CVE-2021-29922
Status
+ Fixed
Severity
+ Unknown
Affected
+ 1.52.1-3
Fixed
+ 1.53.0-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-29922 created at 08 Aug 2021 07:51:22
AVG-1880 edited at 08 Aug 2021 07:37:25
Affected
- 5.13.8.zen1-1
+ 5.13.8.zen2-1
AVG-2262 edited at 08 Aug 2021 07:36:24
Severity
- Unknown
+ Medium
CVE-2021-38185 edited at 08 Aug 2021 07:36:24
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary command execution
Description
+ GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
References
+ https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html
+ https://lists.gnu.org/archive/html/bug-cpio/2021-08/pdfxOgaWPRm0N.pdf
+ https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
Notes