CVE-2021-29647

Опубликовано: 30 мар. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.

Ссылки

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
Mailing List
Release Notes
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
Mailing List
Release Notes
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.11.11 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00094

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-909

Связанные уязвимости

CVE-2021-29647

CVSS3: 5.5

ubuntu

почти 5 лет назад

CVE-2021-29647

CVSS3: 5.5

redhat

почти 5 лет назад

CVE-2021-29647

CVSS3: 5.5

msrc

почти 5 лет назад

Описание отсутствует

CVE-2021-29647

CVSS3: 5.5

debian

почти 5 лет назад

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...

GHSA-fh6x-896f-frcg

CVSS3: 5.5

github

больше 3 лет назад

EPSS

Процентиль: 27%

0.00094

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-909