The Linux Kernel, the operating system core itself.
Security Fix(es):
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.(CVE-2020-29568)
In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. Android ID: A-119770583.(CVE-2020-27068)
A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to MIDI devices could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.(CVE-2021-3347)
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an nbd_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.(CVE-2021-3348)
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0423)
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8694)
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. (CVE-2020-4788)
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.(CVE-2019-16089)
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0465)
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0466)
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system.(CVE-2021-20177)
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.(CVE-2021-3178)
{ "severity": "High" }
{ "x86_64": [ "python2-perf-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "kernel-tools-devel-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "perf-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "kernel-debugsource-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "kernel-tools-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "kernel-devel-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "perf-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "kernel-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "bpftool-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "kernel-source-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "python3-perf-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "python2-perf-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "kernel-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "kernel-tools-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "bpftool-debuginfo-4.19.90-2102.2.0.0057.oe1.x86_64.rpm", "python3-perf-4.19.90-2102.2.0.0057.oe1.x86_64.rpm" ], "src": [ "kernel-4.19.90-2102.2.0.0057.oe1.src.rpm" ], "aarch64": [ "bpftool-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "kernel-debugsource-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "kernel-tools-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "kernel-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "perf-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "python3-perf-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "kernel-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "python2-perf-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "python3-perf-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "bpftool-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "kernel-tools-devel-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "kernel-devel-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "kernel-tools-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "python2-perf-debuginfo-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "kernel-source-4.19.90-2102.2.0.0057.oe1.aarch64.rpm", "perf-4.19.90-2102.2.0.0057.oe1.aarch64.rpm" ] }