Ubuntu Linux Canonical Ubuntu Linux Linux Operating System

Do you want an email whenever new security vulnerabilities are reported in Canonical Ubuntu Linux?

Recent Canonical Ubuntu Linux Security Advisories

Advisory Title Published
USN-4991-1 USN-4991-1: libxml2 vulnerabilities June 17, 2021
USN-4990-1 USN-4990-1: Nettle vulnerabilities June 17, 2021
USN-4989-2 USN-4989-2: BlueZ vulnerabilities June 16, 2021
USN-4989-1 USN-4989-1: BlueZ vulnerabilities June 16, 2021
USN-4988-1 USN-4988-1: ImageMagick vulnerabilities June 15, 2021
USN-4986-4 USN-4986-4: rpcbind regression June 10, 2021
USN-4987-1 USN-4987-1: ExifTool vulnerability June 10, 2021
USN-4986-3 USN-4986-3: rpcbind regression June 10, 2021
USN-4971-2 USN-4971-2: libwebp vulnerabilities June 10, 2021
USN-4986-2 USN-4986-2: rpcbind vulnerability June 9, 2021

@ubuntu Tweets

A report from @451Research found Canonical’s managed private cloud #BootStack to be cheaper than 25 of the public c… https://t.co/zcc4H5qUBH
Thu Jun 17 12:40:45 +0000 2021

Now would be the time to get some popcorn for today's community office hours in half an hour ���� https://t.co/PttWBthGe1
Thu Jun 17 11:30:47 +0000 2021

.@RuiVasconcelos_, Product Manager at @Canonical, showcases the steps necessary to install Kubeflow on any conforma… https://t.co/5U7fFaDUjT
Thu Jun 17 10:11:24 +0000 2021

Join @rhys_the_davies over at #ubuntuonair on Twitch or YouTube �� at 12:00 UTC to ask questions��and listen to the l… https://t.co/3XFKInluTf
Thu Jun 17 08:42:42 +0000 2021

Key considerations when choosing a robot’s operating system #robot https://t.co/SHYd1abxf9 https://t.co/EAwANpwU0J
Wed Jun 16 13:45:12 +0000 2021

By the Year

In 2021 there have been 112 vulnerabilities in Canonical Ubuntu Linux with an average score of 6.8 out of ten. Last year Ubuntu Linux had 186 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Ubuntu Linux in 2021 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.36.

Year Vulnerabilities Average Score
2021 112 6.81
2020 186 6.46
2019 358 7.11
2018 783 7.19

It may take a day or so for new Ubuntu Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Canonical Ubuntu Linux Security Vulnerabilities

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32552 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32551 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32550 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32549 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32548 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32547 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32555 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32554 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32553 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

insecure temporary file

An unlimited recursion in DxeCore in EDK II.

CVE-2021-28210 - June 11, 2021

An unlimited recursion in DxeCore in EDK II.

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

CVE-2021-28211 - June 11, 2021

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

CVE-2021-3588 - June 10, 2021

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

Improper isolation of shared resources in some Intel(R) Processors may

CVE-2020-24511 - June 09, 2021

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Observable timing discrepancy in some Intel(R) Processors may

CVE-2020-24512 - June 09, 2021

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may

CVE-2020-24513 - June 09, 2021

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6

CVE-2021-31807 6.5 - Medium - June 08, 2021

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

Integer Overflow or Wraparound

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs

CVE-2021-33203 - June 08, 2021

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

In Django 2.2 before 2.2.24

CVE-2021-33571 - June 08, 2021

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check

CVE-2021-3489 7.8 - High - June 04, 2021

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).

Memory Corruption

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds

CVE-2021-3490 7.8 - High - June 04, 2021

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

Out-of-bounds Read

The io_uring subsystem in the Linux kernel

CVE-2021-3491 8.8 - High - June 04, 2021

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).

Memory Corruption

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22

CVE-2021-32027 8.8 - High - June 01, 2021

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Buffer Overflow

There's a flaw in libxml2's xmllint in versions before 2.9.11

CVE-2021-3516 7.8 - High - June 01, 2021

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Dangling pointer

Squid before 4.15 and 5.x before 5.0.6

CVE-2021-33620 6.5 - Medium - May 28, 2021

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.

Improper Input Validation

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem

CVE-2021-20292 6.7 - Medium - May 28, 2021

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

Dangling pointer

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6

CVE-2021-31808 6.5 - Medium - May 27, 2021

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.

Improper Input Validation

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6

CVE-2021-31806 6.5 - Medium - May 27, 2021

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.

Output Sanitization

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579

CVE-2021-33200 7.8 - High - May 27, 2021

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.

Memory Corruption

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6

CVE-2021-28651 7.5 - High - May 27, 2021

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.

Resource Exhaustion

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6

CVE-2021-28652 4.9 - Medium - May 27, 2021

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

Memory Leak

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6

CVE-2021-28662 6.5 - Medium - May 27, 2021

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

Output Sanitization

A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free

CVE-2020-25670 7.8 - High - May 26, 2021

A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.

Dangling pointer

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free

CVE-2020-25671 7.8 - High - May 26, 2021

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.

Dangling pointer

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.

CVE-2020-25673 5.5 - Medium - May 26, 2021

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.

Resource Exhaustion

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect

CVE-2020-25672 7.5 - High - May 25, 2021

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect

Memory Leak

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device

CVE-2020-26558 4.2 - Medium - May 24, 2021

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

authentification

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11

CVE-2021-3517 8.6 - High - May 19, 2021

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Memory Corruption

There's a flaw in libxml2 in versions before 2.9.11

CVE-2021-3518 8.8 - High - May 18, 2021

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Dangling pointer

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files

CVE-2021-32617 5.5 - Medium - May 17, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`.

Resource Exhaustion

A flaw was found in the Nosy driver in the Linux kernel

CVE-2021-3483 7.8 - High - May 17, 2021

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected

Dangling pointer

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c

CVE-2021-33033 7.8 - High - May 14, 2021

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.

Dangling pointer

A vulnerability found in libxml2 in versions before 2.9.11 shows

CVE-2021-3537 5.9 - Medium - May 14, 2021

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata

CVE-2021-29623 3.3 - Low - May 13, 2021

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4.

Use of Uninitialized Resource

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12

CVE-2021-31916 6.7 - Medium - May 06, 2021

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

Memory Corruption

In Django 2.2 before 2.2.22

CVE-2021-32052 6.1 - Medium - May 06, 2021

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.

XSS

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content

CVE-2021-31829 5.5 - Medium - May 06, 2021

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.

AuthZ

An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5

CVE-2020-35519 7.8 - High - May 06, 2021

An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Out-of-bounds Read

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations

CVE-2020-28026 9.8 - Critical - May 06, 2021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.

Argument Injection

A flaw was found in the Linux kernel in versions before 5.12

CVE-2021-3501 7.1 - High - May 06, 2021

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.

Memory Corruption

A flaw was found in samba

CVE-2021-20254 8.1 - High - May 05, 2021

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Out-of-bounds Read

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files

CVE-2021-29463 5.5 - Medium - April 30, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.

Out-of-bounds Read

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files

CVE-2021-29464 7.8 - High - April 30, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.

Memory Corruption

In BIND 9.8.5 -> 9.8.8

CVE-2021-25214 6.5 - Medium - April 29, 2021

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

assertion failure

In BIND 9.0.0 -> 9.11.29

CVE-2021-25215 7.5 - High - April 29, 2021

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

assertion failure

In BIND 9.5.0 -> 9.11.29

CVE-2021-25216 9.8 - Critical - April 29, 2021

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.

assertion failure

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata

CVE-2021-29473 2.5 - Low - April 26, 2021

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security.

Out-of-bounds Read

OpenVPN 2.5.1 and earlier versions

CVE-2020-15078 7.5 - High - April 26, 2021

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

authentification

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files

CVE-2021-29470 6.5 - Medium - April 23, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.

Out-of-bounds Read

NVIDIA GPU Display Driver for Windows and Linux

CVE-2021-1076 7.8 - High - April 21, 2021

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.

AuthZ

NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource

CVE-2021-1077 5.5 - Medium - April 21, 2021

NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.

Improper Resource Shutdown or Release

An issue was discovered in the Linux kernel through 5.11.x

CVE-2021-29155 5.5 - Medium - April 20, 2021

An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.

Out-of-bounds Read

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

CVE-2021-3497 7.8 - High - April 19, 2021

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

Dangling pointer

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

CVE-2021-3498 7.8 - High - April 19, 2021

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

Buffer Overflow

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files

CVE-2021-29457 7.8 - High - April 19, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.

Heap-based Buffer Overflow

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files

CVE-2021-29458 5.5 - Medium - April 19, 2021

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.

Out-of-bounds Read

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system

CVE-2021-3493 7.8 - High - April 17, 2021

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Improper Privilege Management

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_

CVE-2021-3492 7.8 - High - April 17, 2021

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

Double-free

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1

CVE-2021-3482 6.5 - Medium - April 08, 2021

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

Buffer Overflow

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements

CVE-2021-29154 7.8 - High - April 08, 2021

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

Command Injection

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could

CVE-2021-1252 7.5 - High - April 08, 2021

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.

Improper Input Validation

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could

CVE-2021-1404 7.5 - High - April 08, 2021

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Improper Input Validation

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could

CVE-2021-1405 7.5 - High - April 08, 2021

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Classic Buffer Overflow

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash

CVE-2013-1054 6.5 - Medium - April 07, 2021

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Improper Resource Shutdown or Release

The unity-firefox-extension package could be tricked into dropping a C callback

CVE-2013-1055 4.3 - Medium - April 07, 2021

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.

Improper Resource Shutdown or Release

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values

CVE-2021-28688 6.5 - Medium - April 06, 2021

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.

Improper Initialization

An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists

CVE-2021-30002 6.2 - Medium - April 02, 2021

An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.

Missing Release of Resource after Effective Lifetime

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29646 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29650 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29647 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29649 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.

Memory Leak

An issue was discovered in the Linux kernel through 5.11.10

CVE-2021-29264 5.5 - Medium - March 26, 2021

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.

An issue was discovered in the Linux kernel before 5.11.7

CVE-2021-29265 4.7 - Medium - March 26, 2021

An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.

Race Condition

An issue was discovered in the Linux kernel before 5.11.9

CVE-2021-29266 7.8 - High - March 26, 2021

An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.

Dangling pointer

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21341 7.5 - High - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Resource Exhaustion

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21342 9.1 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

XSPA

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21343 7.5 - High - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21344 9.8 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21345 9.9 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Code Injection

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21346 9.8 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21347 9.8 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21348 7.5 - High - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Resource Exhaustion

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21349 8.6 - High - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

XSPA

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21350 9.8 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21351 9.1 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash

CVE-2021-28971 5.5 - Medium - March 22, 2021

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.

Resource Exhaustion

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace

CVE-2021-28972 6.7 - Medium - March 22, 2021

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.

Classic Buffer Overflow

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8

CVE-2021-28964 4.7 - Medium - March 22, 2021

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.

Race Condition

An issue was discovered in the Linux kernel through 5.11.8

CVE-2021-28952 7.8 - High - March 20, 2021

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)

Classic Buffer Overflow

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8

CVE-2021-28951 5.5 - Medium - March 20, 2021

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25.

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8

CVE-2021-28950 5.5 - Medium - March 20, 2021

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

Excessive Iteration

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by Canonical? Click the Watch button to subscribe.

Canonical
Vendor

Canonical Ubuntu Linux
Linux Operating System

subscribe