OESA-2021-1279

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1279
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1279.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1279
Upstream
  • CVE-2021-3587
Published
2021-07-24T11:03:04Z
Modified
2025-08-12T05:06:13.476977Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

There was a NULL pointer dereference in llcp_sock_getname in net/nfc/llcp_sock.c, reproduced in linux-5.13.0-rc2. An unprivileged user can trigger this bug and cause a denial of service. Root cause: after creating an NFC socket and binding an address by calling bind(), if LLCP_SAP_MAX was used as the SAP, bind() fails and llcp_sock->service_name is set to NULL. Although bind() returns an error here, this does not prevent calling other socket functions. sock_getname() invokes llcp_sock_getname(), which copies the service name from llcp_sock->service_name with memcpy while llcp_sock->service_name is NULL. Fix: the patch for this issue is https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=4ac06a1e013c (CVE-2021-3587)

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. (CVE-2020-36385)

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. (CVE-2021-33624)

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. (CVE-2021-35039)

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space. (CVE-2021-22555)

A use-after-free flaw in the function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user detaches a Bluetooth dongle or otherwise triggers an unregister Bluetooth device event. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-3573)

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. (CVE-2020-36387)

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. (CVE-2021-3609)

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. (CVE-2021-3600)

Database specific
{
    "severity": "High"
}
Affected packages

openEuler:20.03-LTS-SP1 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.19.90-2107.4.0.0097.oe1

Ecosystem specific

{
    "x86_64": [
        "perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "bpftool-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-debugsource-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2107.4.0.0097.oe1.x86_64.rpm"
    ],
    "src": [
        "kernel-4.19.90-2107.4.0.0097.oe1.src.rpm"
    ],
    "aarch64": [
        "kernel-devel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-debugsource-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "bpftool-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.19.90-2107.4.0.0097.oe1

Ecosystem specific

{
    "x86_64": [
        "perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "bpftool-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "perf-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-debugsource-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2107.4.0.0097.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2107.4.0.0097.oe1.x86_64.rpm"
    ],
    "src": [
        "kernel-4.19.90-2107.4.0.0097.oe1.src.rpm"
    ],
    "aarch64": [
        "kernel-devel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-debugsource-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "bpftool-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2107.4.0.0097.oe1.aarch64.rpm"
    ]
}