ALAS2-2021-1627 --- kernelID: oval:org.secpod.oval:def:1700610 | Date: (C)2021-04-28 (M)2024-05-22 |
Class: PATCH | Family: unix |
A memory leak in the adis_update_scan_mode function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service , aka CID-ab612b1daf41. A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in the kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind causing use-after-free which might lead to privilege escalations. A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect causing use-after-free which might lead to privilege escalations. A memory leak vulnerability was found in Linux kernel in llcp_sock_connect. A flaw was found in the Linux kernels eBPF verification code. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A flaw that triggers Integer underflow when restricting speculative pointer arithmetic allows unprivileged local users to leak the content of kernel memory. The highest threat from this vulnerability is to data confidentiality. A flaw was found in the Linux kernel. The rtw_wx_set_scan driver allows writing beyond the end of the -
Product: |
kernel |
python-perf |
perf |