Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:4647

Опубликовано: 15 нояб. 2021
Источник: rocky
Оценка: Important

Описание

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type (CVE-2021-43267)

  • kernel: timer tree corruption leads to missing wakeup and system freeze (CVE-2021-20317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
bpftoolx86_64348.2.1.el8_5bpftool-4.18.0-348.2.1.el8_5.x86_64.rpm
kernelx86_64348.2.1.el8_5kernel-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-abi-stablelistsnoarch348.2.1.el8_5kernel-abi-stablelists-4.18.0-348.2.1.el8_5.noarch.rpm
kernel-corex86_64348.2.1.el8_5kernel-core-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-cross-headersx86_64348.2.1.el8_5kernel-cross-headers-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-debugx86_64348.2.1.el8_5kernel-debug-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-debug-corex86_64348.2.1.el8_5kernel-debug-core-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-debug-develx86_64348.2.1.el8_5kernel-debug-devel-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-debug-modulesx86_64348.2.1.el8_5kernel-debug-modules-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-debug-modules-extrax86_64348.2.1.el8_5kernel-debug-modules-extra-4.18.0-348.2.1.el8_5.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-20317
CVE-2021-43267

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2021-4647

oracle-oval
около 4 лет назад

ELSA-2021-4647: kernel security update (IMPORTANT)

ubuntu логотип

CVE-2021-43267

CVSS3: 9.8
ubuntu
около 4 лет назад

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

redhat логотип

CVE-2021-43267

CVSS3: 8.8
redhat
около 4 лет назад

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

nvd логотип

CVE-2021-43267

CVSS3: 9.8
nvd
около 4 лет назад

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

msrc логотип

CVE-2021-43267

CVSS3: 9.8
msrc
около 4 лет назад

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.