VARIoT IoT vulnerabilities database

MikroTik RouterOS is a router operating system based on Linux developed by MikroTik in Latvia. The system can be deployed in a PC to provide router functions. RouterOS smb service has a denial of service vulnerability. Attackers can use this vulnerability to construct smb malicious connection requests, causing memory exhaustion attacks, which can lead to system restart.

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Linux Kernel Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fix: * RHACM 2.0.8 images (BZ #1915461) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. 7.6) - ppc64, ppc64le, x86_64 3. Bug Fix(es): * [infiniband] Backport Request to fix Multicast Sendonly joins (BZ#1937820) 4. Bugs fixed (https://bugzilla.redhat.com/): 1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore 1901168 - CVE-2020-15436 kernel: use-after-free in fs/block_dev.c 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. 7) - noarch, x86_64 3. Bug Fix(es): * kernel-rt: update to the latest RHEL7.9.z3 source tree (BZ#1906133) * [kernel-rt] WARNING: CPU: 8 PID: 586 at kernel/sched/core.c:3644 migrate_enable+0x15f/0x210 (BZ#1916123) * [kernel-rt-debug] [ BUG: bad unlock balance detected! ] [RHEL-7.9.z] (BZ#1916130) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2021:0336-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0336 Issue date: 2021-02-02 CVE Names: CVE-2020-15436 CVE-2020-35513 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in fs/block_dev.c (CVE-2020-15436) * kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * double free issue in filelayout_alloc_commit_info (BZ#1679980) * Regression: Plantronics Device SHS2355-11 PTT button does not work after update to 7.7 (BZ#1769502) * Openstack network node reports unregister_netdevice: waiting for qr-3cec0c92-9a to become free. Usage count = 1 (BZ#1809519) * dlm: add ability to interrupt waiting for acquire POSIX lock (BZ#1826858) * [Azure][RHEL7] soft lockups and performance loss occurring during final fsync with parallel dd writes to xfs filesystem in azure instance (BZ#1859364) * Guest crashed when hotplug vcpus on booting kernel stage (BZ#1866138) * soft lockup occurs while a thread group leader is waiting on tasklist_waiters in mm_update_next_owner() where a huge number of the thread group members are exiting and trying to take the tasklist_lock. (BZ#1872110) * [DELL EMC 7.6 BUG] Kioxia CM6 NVMe drive fails to enumerate (BZ#1883403) * [Hyper-V][RHEL7] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1888979) * Unable to discover the LUNs from new storage port (BZ#1889311) * RHEL 7.9 Kernel panic at ceph_put_snap_realm+0x21 (BZ#1890386) * A hard lockup occurrs where one task is looping in an sk_lock spinlock that has been taken by another task running timespec64_add_ns(). (BZ#1890911) * ethtool/mlx5_core provides incorrect SFP module info (BZ#1896756) * RHEL7.7 - zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (BZ#1896826) * RHEL7.7 - s390/dasd: Fix zero write for FBA devices (BZ#1896839) * [Azure]IP forwarding issue in netvsc[7.9.z] (BZ#1898280) * Security patch for CVE-2020-25212 breaks directory listings via 'ls' on NFS V4.2 shares mounted with selinux enabled labels (BZ#1917504) Enhancement(s): * RFE : handle better ERRbaduid on SMB1 (BZ#1847041) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1901168 - CVE-2020-15436 kernel: use-after-free in fs/block_dev.c 1905208 - CVE-2020-35513 kernel: fix nfsd failure to clear umask after processing an open or create [rhel-7] 1911309 - CVE-2020-35513 kernel: Nfsd failure to clear umask after processing an open or create 1917504 - Security patch for CVE-2020-25212 breaks directory listings via 'ls' on NFS V4.2 shares mounted with selinux enabled labels 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1160.15.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.15.2.el7.noarch.rpm kernel-doc-3.10.0-1160.15.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.15.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.15.2.el7.x86_64.rpm perf-3.10.0-1160.15.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.15.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1160.15.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.15.2.el7.noarch.rpm kernel-doc-3.10.0-1160.15.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.15.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.15.2.el7.x86_64.rpm perf-3.10.0-1160.15.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.15.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1160.15.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.15.2.el7.noarch.rpm kernel-doc-3.10.0-1160.15.2.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.15.2.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm kernel-3.10.0-1160.15.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.15.2.el7.ppc64.rpm kernel-debug-3.10.0-1160.15.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.15.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.15.2.el7.ppc64.rpm kernel-devel-3.10.0-1160.15.2.el7.ppc64.rpm kernel-headers-3.10.0-1160.15.2.el7.ppc64.rpm kernel-tools-3.10.0-1160.15.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.15.2.el7.ppc64.rpm perf-3.10.0-1160.15.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm python-perf-3.10.0-1160.15.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.15.2.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-debug-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-devel-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-headers-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-tools-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.15.2.el7.ppc64le.rpm perf-3.10.0-1160.15.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm python-perf-3.10.0-1160.15.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.15.2.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.15.2.el7.s390x.rpm kernel-3.10.0-1160.15.2.el7.s390x.rpm kernel-debug-3.10.0-1160.15.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.15.2.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.15.2.el7.s390x.rpm kernel-devel-3.10.0-1160.15.2.el7.s390x.rpm kernel-headers-3.10.0-1160.15.2.el7.s390x.rpm kernel-kdump-3.10.0-1160.15.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.15.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.15.2.el7.s390x.rpm perf-3.10.0-1160.15.2.el7.s390x.rpm perf-debuginfo-3.10.0-1160.15.2.el7.s390x.rpm python-perf-3.10.0-1160.15.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.s390x.rpm x86_64: bpftool-3.10.0-1160.15.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.15.2.el7.x86_64.rpm perf-3.10.0-1160.15.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.15.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.15.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.15.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.15.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1160.15.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.15.2.el7.noarch.rpm kernel-doc-3.10.0-1160.15.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.15.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.15.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.15.2.el7.x86_64.rpm perf-3.10.0-1160.15.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.15.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.15.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBlBsdzjgjWX9erEAQhTZhAAmSFzEZeB0CWYNaJ2PVwoFm4PA9rdYDyg G1j/plxrO6bczNEz+XDnAzRPrCbJRPPt6VJxjpLkb25ph0f5tQ+Q7Ph7sAefSbDX BLDjjvl+Wd1g2FEfIQ43wDp8UWuFCVVMF3ajJHFz9ROqrA/1hs0gj7ht9gXRlttT LSI67A08tEWRPtaf5c1M8h/IJtZiF4sfYDrfhp4mFRTZYybTvVjML+xf69Qq7o2D AsxbyKRVNQKC0Epm6C+Tzbw6SxhonrAQyjADWenQ8bCS2TF8WY2OZA7sNs7nddZu Ha/mCB2vSR2WCWLGxCLXTtsK3y52qPIyUn4mBmatJUIBcbJMnQbgZgWrEcTobsoD N5MWdqE6xGjct0KMz0fV6J9D5JWQjUN4O8K0vVQP4aoAX25jMWCq14RLLRUvusJm dLI59E5nN1pLMlADiAAh2Iceac/daIF9fvWn2XoF16/ZQNffa0yCiNFaDg+AW4Tg Z/b82VoOiz7uJWyv06TMcljafEaIxjpnjGmpKQ2qz8UYoxYYsnRyKpHJxLeiB53A TKbkiQJoFutNeUcbBSA6F6sqLlaJ7CtoyzxsVVwM+LtYF1iUXqC+Hp6Gs5NB8WXr JQSrrv0X0H7sAu7FHCyL/ygMQK/IiZKiPxiRBZJH6pJz5OL8GVKxR1CSZmHXvgKo QPLPtfMOGPs=Hdxh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, noarch, ppc64le 3. ========================================================================== Ubuntu Security Notice USN-4752-1 February 25, 2021 linux-oem-5.6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oem-5.6: Linux kernel for OEM systems Details: Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314) It was discovered that the block layer implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-15436) It was discovered that the serial port driver in the Linux kernel did not properly initialize a pointer in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2020-15437) Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490) It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704) It was discovered that the KVM hypervisor in the Linux kernel did not properly handle interrupts in certain situations. A local attacker in a guest VM could possibly use this to cause a denial of service (host system crash). (CVE-2020-27152) It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32 bit systems. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28588) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) Jann Horn discovered a race condition in the copy-on-write implementation in the Linux kernel when handling hugepages. A local attacker could use this to gain unintended write access to read-only memory pages. (CVE-2020-29368) Jann Horn discovered that the mmap implementation in the Linux kernel contained a race condition when handling munmap() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-29369) Jann Horn discovered that the romfs file system in the Linux kernel did not properly validate file system meta-data, leading to an out-of-bounds read. An attacker could use this to construct a malicious romfs image that, when mounted, exposed sensitive information (kernel memory). (CVE-2020-29371) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) It was discovered that a race condition existed that caused the Linux kernel to not properly restrict exit signal delivery. A local attacker could possibly use this to send signals to arbitrary processes. (CVE-2020-35508) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.6.0-1048-oem 5.6.0-1048.52 linux-image-oem-20.04 5.6.0.1048.44 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4752-1 CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437, CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641, CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815, CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369, CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508 Package Information: https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52

Schneider-Electric M340 PLC is widely used in the field of industrial control. It is a high performance and stable operation controller. Schneider PLC-M340 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.

Schneider-Electric M340 PLC is widely used in the field of industrial control. It is a high performance and stable operation controller. Schneider PLC-M340 has a denial of service vulnerability. Attackers can use this vulnerability to cause the device's CPU RUN light to go out, the CPU module, communication module, and output module ERR to turn on, and control services stop.

Tenda router is a router produced by Tenda company. Tenda router has an unauthorized access vulnerability, which can be used by attackers to obtain sensitive information.

RG-NBR700G is an Internet behavior management router launched by Ruijie. It is a router designed for all office scenarios. Ruijie Networks router RG-NBR700G has an unauthorized access vulnerability. Attackers can use this vulnerability to enter the main page address of the website console without having to enter a password without obtaining login permissions or unauthorized access. The viewed connection can be accessed and operated at the same time.

M580 is a PLC in Schneider's Modicon PLC series. It is the first high-end integrated controller built by Schneider Electric for the industrial Internet of Things architecture. Schneider PLC-M580 has a denial of service vulnerability. Attackers can use this vulnerability to stop the PLC control service, and can no longer use the I/O module to control the actuator, which can cause production interruptions and other accidents.

UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. TP-Link Archer C9 There is a link interpretation vulnerability in.Information may be obtained and information may be tampered with

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Yuji Higashiuchi MrArbitrary code can be executed with the privileges of running the installer

HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. HCL Domino is a server of collaborative client-server software platform

HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. HCL Domino Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. HCL Domino is a server of collaborative client-server software platform. The vulnerability stems from improper validation of input provided by the user. Attackers can use this vulnerability to cause the server to crash

Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. Barco wePresent WiPG-1600W A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Barco wePresent WiPG-1600W is a management device used in conference environments from Barco in Belgium

The business scope of DEXUN Electronic Equipment (Shanghai) Co., Ltd. includes the wholesale of network equipment (not involved in value-added telecommunications services), computer software and hardware, electronic security products, and other electronic products. The DIR-822 AC 1200M wireless router has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Contains an information disclosure vulnerability.Information may be obtained

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys. Modicon M221 There is a vulnerability in the lack of encryption of critical data.Information may be obtained

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. Easergy T300 There is an access control vulnerability in.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Easergy T300 is a new generation of distribution network automation intelligent terminal, adhering to the "modularity, flexibility, application-oriented" design concept, can be widely used in medium voltage distribution network management, fault location, isolation and recovery (FLISR), distributed energy integration Internet, energy growth and asset management. Easergy T300 2.7 and earlier versions have improper access control vulnerabilities

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet. Provided by Mitsubishi Electric Corporation MELSEC iQ-R Resource exhaustion vulnerabilities in series units (CWE-400) Exists This vulnerability information is provided by the developer for the purpose of making it known to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.Crafted by a remote third party SLMP Receiving packets can have the following effects: * CPU In the case of a unit, an error occurs and program execution and communication interfere with service operation. (DoS) Become in a state * CPU In the case of other than the unit, communication via the unit interferes with service operation. (DoS) In addition, a reset is required for recovery

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Modicon TM221 is a programmable controller of Schneider Electric (China) Co., Ltd., used for single device control architecture. Schneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Is vulnerable to inadequate random values.Information may be obtained and information may be tampered with

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities. Cisco Webex Meetings is a set of video conferencing solutions of Cisco (Cisco)