Log

CVE-2021-3667 edited at 02 Aug 2021 14:47:21
Description
- An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition.
+ An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt before version 7.6.0. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition.
AVG-2245 edited at 02 Aug 2021 14:45:08
Severity
- Unknown
+ Low
CVE-2021-3673 edited at 02 Aug 2021 14:45:08
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and denial of service.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1989130
+ https://github.com/radareorg/radare2/issues/18923
+ https://github.com/radareorg/radare2/pull/18926
+ https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d
Notes
AVG-2245 created at 02 Aug 2021 14:44:02
Packages
+ radare2
Issues
+ CVE-2021-3673
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 5.3.1-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-3673 created at 02 Aug 2021 14:44:02
AVG-2236 edited at 02 Aug 2021 12:50:02
Affected
- 2.37.1-1
+ 2.37.1-3
AVG-1741 edited at 02 Aug 2021 08:37:03
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3640
CVE-2021-29648
CVE-2021-30178
CVE-2021-31615
+ CVE-2021-34556
+ CVE-2021-35477
AVG-1881 edited at 02 Aug 2021 08:36:55
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3640
CVE-2021-31615
+ CVE-2021-34556
+ CVE-2021-35477
AVG-1880 edited at 02 Aug 2021 08:36:49
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3640
CVE-2021-31615
+ CVE-2021-34556
+ CVE-2021-35477
CVE-2021-35477 edited at 02 Aug 2021 08:36:23
References
https://www.openwall.com/lists/oss-security/2021/08/01/3
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
CVE-2021-34556 edited at 02 Aug 2021 08:36:06
References
https://www.openwall.com/lists/oss-security/2021/08/01/3
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
CVE-2021-35477 edited at 02 Aug 2021 08:34:05
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ An issue has been discovered in the Linux kernel mechanism to mitigate Speculative Store Bypass in BPF. On affected systems, an unprivileged BPF program can exploit any of these issues to disclose the content of arbitrary kernel memory via a side-channel.
+
+ When protecting memory operations against Speculative Store Bypass, the technique used by the BPF verifier to manage speculation is unreliable. Specifically, each potentially problematic memory store operation is sanitized by inserting a preempting store of zero value. The preempting store is incorrectly assumed to complete "fast" as it only depends on the BPF stack frame pointer. However, a few different scenarios have been identified where this assumption is invalid, by demonstrating that a dependent load instruction can speculatively execute ahead of the preempting store. Practical attacks have been shown to disclose the content of arbitrary kernel memory via a side-channel.
References
+ https://www.openwall.com/lists/oss-security/2021/08/01/3
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee