English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2021.0409
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2021-0409)
Resumen:The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0409 advisory.
Descripción:Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0409 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.10.60 and fixes at least the
following security issues:

Specifically timed and handcrafted traffic can cause internal errors
in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a
consequent possibility of information disclosure over the air for a
discrete set of traffic in ath9k (CVE-2020-3702).

A missing validation of the 'int_ctl' VMCB field allows a malicious L1
guest to enable AVIC support (Advanced Virtual Interrupt Controller)
for the L2 guest. The L2 guest is able to write to a limited but still
relatively large subset of the host physical memory, resulting in a
crash of the entire system, leak of sensitive data or potential
guest-to-host escape (CVE-2021-3653).

A missing validation of the 'virt_ext' VMCB field and allows a
malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS
(Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances,
the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus
read/write portions of the host physical memory, resulting in a
crash of the entire system, leak of sensitive data or potential
guest-to-host escape (CVE-2021-3656).

In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is
an integer overflow and out-of-bounds write when many elements are
placed in a single bucket (CVE-2021-38166).

drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before
5.13.3 makes it easier for attackers to defeat an ASLR protection
mechanism because it prints a kernel pointer (CVE-2021-38205).

Other fixes in this update:
- cfi_cmdset_0002: fix crash when erasing/writing AMD cards

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-3702
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
Debian Security Information: DSA-4978 (Google Search)
https://www.debian.org/security/2021/dsa-4978
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3653
http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
https://bugzilla.redhat.com/show_bug.cgi?id=1983686
https://www.openwall.com/lists/oss-security/2021/08/16/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-3656
https://bugzilla.redhat.com/show_bug.cgi?id=1983988
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
Common Vulnerability Exposure (CVE) ID: CVE-2021-38166
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GUVLBJKZMWA3E3YXSH4SZ7BOYGJP4GXP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UL6CH5M5PRLMA3KPBX4LPUO6Z73GRISO/
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6
https://lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu@gmail.com/
Common Vulnerability Exposure (CVE) ID: CVE-2021-38205
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
https://github.com/torvalds/linux/commit/d0d62baa7f505bd4c59cd169692ff07ec49dde37
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.