USN-4947-1: Linux kernel (OEM) vulnerabilities
Kiyin (尹亮) discovered that the x25 implementation in the Linux kernel
contained overflows when handling addresses from user space. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-35519)
It was discovered that the fastrpc driver in the Linux kernel did not
prevent user space applications from sending kernel RPC messages. A local
attacker could possibly use this to gain elevated privileges.
(CVE-2021-28375)
It was discovered that the TIPC protocol implementation in the Linux kernel
did not properly validate passed encryption key sizes. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2021-29646)
It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)
Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel
did not properly deallocate memory in some situations. A local attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2021-30002)
Source: USN-4947-1: Linux kernel (OEM) vulnerabilities
Leave a Reply