ID

VAR-202107-1361


CVE

CVE-2021-33909


TITLE

Red Hat Security Advisory 2021-2763-01

Trust: 0.1

sources: PACKETSTORM: 163682

DESCRIPTION

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.7.21 security and bug fix update Advisory ID: RHSA-2021:2763-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2763 Issue date: 2021-07-26 CVE Names: CVE-2021-33909 CVE-2021-33910 ===================================================================== 1. Summary: An update is now available for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.7 - noarch, ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.3.z source tree (BZ#1957359) * Placeholder bug for OCP 4.7.0 rpm release (BZ#1983534) 4. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 1970887 - CVE-2021-33910 systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash 1983534 - Placeholder bug for OCP 4.7.0 rpm release 6. Package List: Red Hat OpenShift Container Platform 4.7: Source: cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el7.src.rpm openshift-4.7.0-202107132131.p0.git.558d959.assembly.stream.el7.src.rpm openshift-ansible-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.src.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.src.rpm noarch: openshift-ansible-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.noarch.rpm openshift-ansible-test-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.noarch.rpm x86_64: cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el7.x86_64.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el7.x86_64.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.x86_64.rpm openshift-clients-redistributable-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.x86_64.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el7.x86_64.rpm Red Hat OpenShift Container Platform 4.7: Source: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.src.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.src.rpm kernel-4.18.0-240.23.2.el8_3.src.rpm kernel-rt-4.18.0-240.23.2.rt7.79.el8_3.src.rpm openshift-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.src.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.src.rpm openshift-kuryr-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.src.rpm systemd-239-41.el8_3.3.src.rpm noarch: kernel-abi-whitelists-4.18.0-240.23.2.el8_3.noarch.rpm kernel-doc-4.18.0-240.23.2.el8_3.noarch.rpm openshift-kuryr-cni-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm openshift-kuryr-common-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm openshift-kuryr-controller-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm python3-kuryr-kubernetes-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm ppc64le: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.ppc64le.rpm bpftool-4.18.0-240.23.2.el8_3.ppc64le.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm kernel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-core-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-headers-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-ipaclones-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-libs-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-libs-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.ppc64le.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.ppc64le.rpm perf-4.18.0-240.23.2.el8_3.ppc64le.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm python3-perf-4.18.0-240.23.2.el8_3.ppc64le.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm s390x: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.s390x.rpm bpftool-4.18.0-240.23.2.el8_3.s390x.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm kernel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-240.23.2.el8_3.s390x.rpm kernel-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-headers-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-tools-4.18.0-240.23.2.el8_3.s390x.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.s390x.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.s390x.rpm perf-4.18.0-240.23.2.el8_3.s390x.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm python3-perf-4.18.0-240.23.2.el8_3.s390x.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm x86_64: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.x86_64.rpm bpftool-4.18.0-240.23.2.el8_3.x86_64.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm kernel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-core-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-devel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-headers-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-ipaclones-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-rt-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-core-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-core-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-devel-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-kvm-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debuginfo-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-devel-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-kvm-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-extra-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-selftests-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-libs-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-libs-devel-4.18.0-240.23.2.el8_3.x86_64.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.x86_64.rpm openshift-clients-redistributable-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.x86_64.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.x86_64.rpm perf-4.18.0-240.23.2.el8_3.x86_64.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm python3-perf-4.18.0-240.23.2.el8_3.x86_64.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm systemd-239-41.el8_3.3.x86_64.rpm systemd-container-239-41.el8_3.3.x86_64.rpm systemd-container-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-debugsource-239-41.el8_3.3.x86_64.rpm systemd-devel-239-41.el8_3.3.x86_64.rpm systemd-journal-remote-239-41.el8_3.3.x86_64.rpm systemd-journal-remote-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-libs-239-41.el8_3.3.x86_64.rpm systemd-libs-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-pam-239-41.el8_3.3.x86_64.rpm systemd-pam-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-tests-239-41.el8_3.3.x86_64.rpm systemd-tests-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-udev-239-41.el8_3.3.x86_64.rpm systemd-udev-debuginfo-239-41.el8_3.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYP7mF9zjgjWX9erEAQgZ9w//YYzC2fpVCACER7JZoIPkj5kgKpNZb2dl rAWgr+4jY5kTvZWF189Xbte1l82nWPYNhsC159NvlhevkFvNXvq5sCNrjn/5c9r7 4Kcxfoxssz2XS8k5QeOgm1eNaIyRbvO0N2GPJu5hFXqZJgC9Pd1a4aKGECRNT55d hiAbsYgB5BgbC/Zoz1p50p4t8oIQtaurNizNF/gk97WqcLaRHRN3JgxXv5Q7qn0W 6kxA5Vj7MYUnVR18h+GQv9BFxhOGW0E6JWsNXOpRuyyy2ZIDiRcaXL67luB2n24O H6Sc4nOxV4wEZ/0gWfb5YjRdwVdxQXwxa9hegiWX+CeApLUrsvZy0W0Ca/Bc7pbv B+FuHJZMjrAy7ORnILkkSGh1jHO5D3m22SWs3+mokJnUAl9CMFj/l9xbZEli0Nga bxbJg1TSQg30PGc1DQOdeM7i9dNHJGiJw1b89rP/R3W+9eUjtZTdaeD/irwbFTP0 KYCl+KmjnjWayXP+ZfdW0fWwBo1rl5o6bjTai1ztfjZALXaYQpCEyhvZsLbzL+j9 PIRUvwT3TXk0014tPyweLQLRwpOTPFhAro3hgzsLUKFpQhB2vhbR0U8yu/SGRS3z x4SzHQhYcU24UTJxMLUXdRQjniJbRZsyaCpUM0FvSVxzzhpwMiOAR9IZhvOOW5mo aRtMwhGvgzU= =dqQ0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/ Security: * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * nodejs-netmask: improper input validation of octal input data (CVE-2021-28918) * redis: Integer overflow via STRALGO LCS command (CVE-2021-29477) * redis: Integer overflow via COPY command for large intsets (CVE-2021-29478) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377) * oras: zip-slip vulnerability via oras-pull (CVE-2021-21272) * redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * nodejs-lodash: command injection via template (CVE-2021-23337) * nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292) * grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358) * nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092) * nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418) * ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) * html-parse-stringify: Regular Expression DoS (CVE-2021-23346) * openssl: incorrect SSLv2 rollback protection (CVE-2021-23839) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Bugs: * RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444) * cluster became offline after apiserver health check (BZ# 1942589) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters 5. This affects kernel/bpf/core.c and net/core/filter.c. (CVE-2018-25020) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible. 6 ELS) - i386, noarch, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64 3. 6 ELS): Source: kernel-2.6.32-754.41.2.el6.src.rpm i386: kernel-2.6.32-754.41.2.el6.i686.rpm kernel-debug-2.6.32-754.41.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.41.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.41.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.41.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.41.2.el6.i686.rpm kernel-devel-2.6.32-754.41.2.el6.i686.rpm kernel-headers-2.6.32-754.41.2.el6.i686.rpm perf-2.6.32-754.41.2.el6.i686.rpm perf-debuginfo-2.6.32-754.41.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.41.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.41.2.el6.noarch.rpm kernel-doc-2.6.32-754.41.2.el6.noarch.rpm kernel-firmware-2.6.32-754.41.2.el6.noarch.rpm s390x: kernel-2.6.32-754.41.2.el6.s390x.rpm kernel-debug-2.6.32-754.41.2.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.41.2.el6.s390x.rpm kernel-debug-devel-2.6.32-754.41.2.el6.s390x.rpm kernel-debuginfo-2.6.32-754.41.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.41.2.el6.s390x.rpm kernel-devel-2.6.32-754.41.2.el6.s390x.rpm kernel-headers-2.6.32-754.41.2.el6.s390x.rpm kernel-kdump-2.6.32-754.41.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.41.2.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.41.2.el6.s390x.rpm perf-2.6.32-754.41.2.el6.s390x.rpm perf-debuginfo-2.6.32-754.41.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.41.2.el6.s390x.rpm x86_64: kernel-2.6.32-754.41.2.el6.x86_64.rpm kernel-debug-2.6.32-754.41.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.41.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.41.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.41.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.41.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.41.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.41.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.41.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.41.2.el6.x86_64.rpm kernel-devel-2.6.32-754.41.2.el6.x86_64.rpm kernel-headers-2.6.32-754.41.2.el6.x86_64.rpm perf-2.6.32-754.41.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.41.2.el6.i686.rpm perf-debuginfo-2.6.32-754.41.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.41.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.41.2.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 8.1) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. ========================================================================== Ubuntu Security Notice USN-5018-1 July 20, 2021 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi (V8) systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1078-oracle 4.15.0-1078.86 linux-image-4.15.0-1092-raspi2 4.15.0-1092.98 linux-image-4.15.0-1097-kvm 4.15.0-1097.99 linux-image-4.15.0-1106-gcp 4.15.0-1106.120 linux-image-4.15.0-1109-aws 4.15.0-1109.116 linux-image-4.15.0-1109-snapdragon 4.15.0-1109.118 linux-image-4.15.0-1121-azure 4.15.0-1121.134 linux-image-4.15.0-151-generic 4.15.0-151.157 linux-image-4.15.0-151-generic-lpae 4.15.0-151.157 linux-image-4.15.0-151-lowlatency 4.15.0-151.157 linux-image-aws-lts-18.04 4.15.0.1109.112 linux-image-azure-lts-18.04 4.15.0.1121.94 linux-image-gcp-lts-18.04 4.15.0.1106.125 linux-image-generic 4.15.0.151.139 linux-image-generic-lpae 4.15.0.151.139 linux-image-kvm 4.15.0.1097.93 linux-image-lowlatency 4.15.0.151.139 linux-image-oracle-lts-18.04 4.15.0.1078.88 linux-image-raspi2 4.15.0.1092.90 linux-image-snapdragon 4.15.0.1109.112 linux-image-virtual 4.15.0.151.139 Ubuntu 16.04 ESM: linux-image-4.15.0-1078-oracle 4.15.0-1078.86~16.04.1 linux-image-4.15.0-1106-gcp 4.15.0-1106.120~16.04.1 linux-image-4.15.0-1109-aws 4.15.0-1109.116~16.04.1 linux-image-4.15.0-1121-azure 4.15.0-1121.134~16.04.1 linux-image-4.15.0-151-generic 4.15.0-151.157~16.04.1 linux-image-4.15.0-151-lowlatency 4.15.0-151.157~16.04.1 linux-image-aws-hwe 4.15.0.1109.100 linux-image-azure 4.15.0.1121.112 linux-image-gcp 4.15.0.1106.107 linux-image-generic-hwe-16.04 4.15.0.151.146 linux-image-gke 4.15.0.1106.107 linux-image-lowlatency-hwe-16.04 4.15.0.151.146 linux-image-oem 4.15.0.151.146 linux-image-oracle 4.15.0.1078.66 linux-image-virtual-hwe-16.04 4.15.0.151.146 Ubuntu 14.04 ESM: linux-image-4.15.0-1121-azure 4.15.0-1121.134~14.04.1 linux-image-azure 4.15.0.1121.94 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5018-1 CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2021-0129, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134 https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118

Trust: 1.8

sources: NVD: CVE-2021-33909 // VULMON: CVE-2021-33909 // PACKETSTORM: 163682 // PACKETSTORM: 163747 // PACKETSTORM: 165477 // PACKETSTORM: 163578 // PACKETSTORM: 163590 // PACKETSTORM: 163594 // PACKETSTORM: 163597 // PACKETSTORM: 163599 // PACKETSTORM: 163602

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.10

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.15

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.14.240

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.16

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:8.4

Trust: 1.0

vendor:sonicwallmodel:sma1000scope:lteversion:12.4.2-02044

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.13

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.13

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.52

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:8.2

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.13.4

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.134

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:8.3

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.12.43

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.12.19

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:9.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.9.276

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.4.276

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.198

Trust: 1.0

sources: NVD: CVE-2021-33909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33909
value: HIGH

Trust: 1.0

VULMON: CVE-2021-33909
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-33909
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-33909
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-33909 // NVD: CVE-2021-33909

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-190

Trust: 1.0

sources: NVD: CVE-2021-33909

THREAT TYPE

local

Trust: 0.2

sources: PACKETSTORM: 163597 // PACKETSTORM: 163599

TYPE

overflow

Trust: 0.2

sources: PACKETSTORM: 165477 // PACKETSTORM: 163578

PATCH

title:Amazon Linux AMI: ALAS-2021-1524url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1524

Trust: 0.1

title:Debian Security Advisories: DSA-4941-1 linux -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fb9b5f5cc430f484f4420a11b7b87136

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-055url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-055

Trust: 0.1

title:Amazon Linux 2: ALAS2KERNEL-5.10-2022-003url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2KERNEL-5.10-2022-003

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1691url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1691

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-057url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-057

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-056url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-056

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-48] linux: privilege escalationurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-48

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-50] linux-hardened: privilege escalationurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-50

Trust: 0.1

title:Amazon Linux 2: ALAS2KERNEL-5.4-2022-005url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2KERNEL-5.4-2022-005

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-058url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-058

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-059url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-059

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-49] linux-zen: privilege escalationurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-49

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-51] linux-lts: privilege escalationurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-51

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-33909 log

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:LinuxVulnerabilitiesurl:https://github.com/gitezri/LinuxVulnerabilities

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-33909

Trust: 0.1

title:CVE-2021-33909url:https://github.com/AmIAHuman/CVE-2021-33909

Trust: 0.1

title:CVE-2021-33909url:https://github.com/Liang2580/CVE-2021-33909

Trust: 0.1

title:cve-2021-33909url:https://github.com/baerwolf/cve-2021-33909

Trust: 0.1

title:CVE-2021-33909url:https://github.com/bbinfosec43/CVE-2021-33909

Trust: 0.1

title:deep-directoryurl:https://github.com/sfowl/deep-directory

Trust: 0.1

title:integer_compilation_flagsurl:https://github.com/mdulin2/integer_compilation_flags

Trust: 0.1

title:CVE-2021-33909url:https://github.com/AlAIAL90/CVE-2021-33909

Trust: 0.1

title:CVE-2021-33909url:https://github.com/ChrisTheCoolHut/CVE-2021-33909

Trust: 0.1

title: - url:https://github.com/knewbury01/codeql-workshop-integer-conversion

Trust: 0.1

title:kickstart-rhel8url:https://github.com/alexhaydock/kickstart-rhel8

Trust: 0.1

title:exploit_articlesurl:https://github.com/ChoKyuWon/exploit_articles

Trust: 0.1

title: - url:https://github.com/hardenedvault/ved

Trust: 0.1

title:SVG-advisoriesurl:https://github.com/EGI-Federation/SVG-advisories

Trust: 0.1

title: - url:https://github.com/makoto56/penetration-suite-toolkit

Trust: 0.1

sources: VULMON: CVE-2021-33909

EXTERNAL IDS

db:NVDid:CVE-2021-33909

Trust: 2.0

db:PACKETSTORMid:165477

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2021/08/25/10

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/09/17/2

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/09/17/4

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/07/22/7

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/07/20/1

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/09/21/1

Trust: 1.0

db:PACKETSTORMid:164155

Trust: 1.0

db:PACKETSTORMid:163671

Trust: 1.0

db:PACKETSTORMid:163621

Trust: 1.0

db:VULMONid:CVE-2021-33909

Trust: 0.1

db:PACKETSTORMid:163682

Trust: 0.1

db:PACKETSTORMid:163747

Trust: 0.1

db:PACKETSTORMid:163578

Trust: 0.1

db:PACKETSTORMid:163590

Trust: 0.1

db:PACKETSTORMid:163594

Trust: 0.1

db:PACKETSTORMid:163597

Trust: 0.1

db:PACKETSTORMid:163599

Trust: 0.1

db:PACKETSTORMid:163602

Trust: 0.1

sources: VULMON: CVE-2021-33909 // PACKETSTORM: 163682 // PACKETSTORM: 163747 // PACKETSTORM: 165477 // PACKETSTORM: 163578 // PACKETSTORM: 163590 // PACKETSTORM: 163594 // PACKETSTORM: 163597 // PACKETSTORM: 163599 // PACKETSTORM: 163602 // NVD: CVE-2021-33909

REFERENCES

url:http://packetstormsecurity.com/files/164155/kernel-live-patch-security-notice-lsn-0081-1.html

Trust: 1.0

url:https://www.debian.org/security/2021/dsa-4941

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html

Trust: 1.0

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0015

Trust: 1.0

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html

Trust: 1.0

url:http://packetstormsecurity.com/files/163621/sequoia-a-deep-root-in-linuxs-filesystem-layer.html

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/09/17/4

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/07/22/7

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z4uhhigiso3fvrf4cqnjs4ika25atsfu/

Trust: 1.0

url:http://packetstormsecurity.com/files/163671/kernel-live-patch-security-notice-lsn-0079-1.html

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html

Trust: 1.0

url:https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.13.4

Trust: 1.0

url:http://packetstormsecurity.com/files/165477/kernel-live-patch-security-notice-lsn-0083-1.html

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20210819-0004/

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/09/21/1

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/08/25/10

Trust: 1.0

url:https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

Trust: 1.0

url:https://www.openwall.com/lists/oss-security/2021/07/20/1

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/09/17/2

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-33909

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-33909

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-006

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-33034

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33034

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33910

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23134

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32399

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33910

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2763

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28469

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29418

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28092

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23337

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23369

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21309

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28851

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33033

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28469

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3377

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28500

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21272

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29477

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29478

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11668

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23839

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21322

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23382

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22555

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3653

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25020

Trust: 0.1

url:https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3347

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2723

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2727

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-63.71~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1041.43

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1038.40

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5016-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.8/5.8.0-1041.43~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.8.0-63.71

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.8/5.8.0-1037.38~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1039.42

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1032.35

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3506

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1037.38

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.8/5.8.0-1039.42~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1033.36

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.8/5.8.0-1038.40~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26558

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26147

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33200

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5018-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24586

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24587

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31829

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26139

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2720

Trust: 0.1

sources: PACKETSTORM: 163682 // PACKETSTORM: 163747 // PACKETSTORM: 165477 // PACKETSTORM: 163578 // PACKETSTORM: 163590 // PACKETSTORM: 163594 // PACKETSTORM: 163597 // PACKETSTORM: 163599 // PACKETSTORM: 163602 // NVD: CVE-2021-33909

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 163682 // PACKETSTORM: 163747 // PACKETSTORM: 163578 // PACKETSTORM: 163590 // PACKETSTORM: 163594 // PACKETSTORM: 163602

SOURCES

db:VULMONid:CVE-2021-33909
db:PACKETSTORMid:163682
db:PACKETSTORMid:163747
db:PACKETSTORMid:165477
db:PACKETSTORMid:163578
db:PACKETSTORMid:163590
db:PACKETSTORMid:163594
db:PACKETSTORMid:163597
db:PACKETSTORMid:163599
db:PACKETSTORMid:163602
db:NVDid:CVE-2021-33909

LAST UPDATE DATE

2026-06-30T20:12:48.329000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-33909date:2023-11-07T00:00:00
db:NVDid:CVE-2021-33909date:2026-06-17T03:55:21.607

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-33909date:2021-07-20T00:00:00
db:PACKETSTORMid:163682date:2021-07-27T14:47:55
db:PACKETSTORMid:163747date:2021-08-06T14:02:37
db:PACKETSTORMid:165477date:2022-01-06T18:14:08
db:PACKETSTORMid:163578date:2021-07-21T16:02:03
db:PACKETSTORMid:163590date:2021-07-21T16:03:37
db:PACKETSTORMid:163594date:2021-07-21T16:04:11
db:PACKETSTORMid:163597date:2021-07-21T16:04:29
db:PACKETSTORMid:163599date:2021-07-21T16:04:42
db:PACKETSTORMid:163602date:2021-07-21T16:05:06
db:NVDid:CVE-2021-33909date:2021-07-20T19:15:09.747