ID

VAR-202103-1442


CVE

CVE-2021-28375


TITLE

Linux Kernel  Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-004458

DESCRIPTION

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Vendor is responsible for this vulnerability CID-20c40794eb85 It is published as. This vulnerability is CVE-2019-2308 Vulnerabilities related to.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu Releases. ========================================================================== Ubuntu Security Notice USN-4949-1 May 11, 2021 linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3489) Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3491) It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25639) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Sch\xf6nherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930) Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). A local attacker could possibly use this to gain elevated privileges. (CVE-2021-28375) It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29264) It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29266) It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate passed encryption key sizes. A local attacker could use this to cause a denial of service (system crash). A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: linux-image-5.8.0-1024-raspi 5.8.0-1024.27 linux-image-5.8.0-1024-raspi-nolpae 5.8.0-1024.27 linux-image-5.8.0-1027-kvm 5.8.0-1027.29 linux-image-5.8.0-1029-oracle 5.8.0-1029.30 linux-image-5.8.0-1031-gcp 5.8.0-1031.32 linux-image-5.8.0-1032-azure 5.8.0-1032.34 linux-image-5.8.0-1033-aws 5.8.0-1033.35 linux-image-5.8.0-53-generic 5.8.0-53.60 linux-image-5.8.0-53-generic-64k 5.8.0-53.60 linux-image-5.8.0-53-generic-lpae 5.8.0-53.60 linux-image-5.8.0-53-lowlatency 5.8.0-53.60 linux-image-aws 5.8.0.1033.35 linux-image-azure 5.8.0.1032.32 linux-image-gcp 5.8.0.1031.31 linux-image-generic 5.8.0.53.58 linux-image-generic-64k 5.8.0.53.58 linux-image-generic-lpae 5.8.0.53.58 linux-image-gke 5.8.0.1031.31 linux-image-kvm 5.8.0.1027.29 linux-image-lowlatency 5.8.0.53.58 linux-image-oem-20.04 5.8.0.53.58 linux-image-oracle 5.8.0.1029.28 linux-image-raspi 5.8.0.1024.27 linux-image-raspi-nolpae 5.8.0.1024.27 linux-image-virtual 5.8.0.53.58 Ubuntu 20.04 LTS: linux-image-5.8.0-53-generic 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-generic-64k 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-generic-lpae 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-lowlatency 5.8.0-53.60~20.04.1 linux-image-generic-64k-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-generic-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-generic-lpae-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-lowlatency-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-virtual-hwe-20.04 5.8.0.53.60~20.04.37 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-4949-1 CVE-2020-25639, CVE-2021-26930, CVE-2021-26931, CVE-2021-28375, CVE-2021-29264, CVE-2021-29265, CVE-2021-29266, CVE-2021-29646, CVE-2021-29650, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491 Package Information: https://launchpad.net/ubuntu/+source/linux/5.8.0-53.60 https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1033.35 https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1032.34 https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1031.32 https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1027.29 https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1029.30 https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1024.27 https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-53.60~20.04.1

Trust: 2.16

sources: NVD: CVE-2021-28375 // JVNDB: JVNDB-2021-004458 // VULHUB: VHN-387803 // PACKETSTORM: 162167 // PACKETSTORM: 162695 // PACKETSTORM: 162541 // PACKETSTORM: 162550 // PACKETSTORM: 162543

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:netappmodel:solidfire baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.11.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.106

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.24

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.1

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:linuxmodel:kernelscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004458 // NVD: CVE-2021-28375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-28375
value: HIGH

Trust: 1.0

NVD: CVE-2021-28375
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-961
value: HIGH

Trust: 0.6

VULHUB: VHN-387803
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-28375
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-387803
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-28375
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-28375
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-387803 // JVNDB: JVNDB-2021-004458 // CNNVD: CNNVD-202103-961 // NVD: CVE-2021-28375

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-387803 // JVNDB: JVNDB-2021-004458 // NVD: CVE-2021-28375

THREAT TYPE

local

Trust: 1.1

sources: PACKETSTORM: 162167 // PACKETSTORM: 162695 // PACKETSTORM: 162541 // PACKETSTORM: 162550 // PACKETSTORM: 162543 // CNNVD: CNNVD-202103-961

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-961

PATCH

title:restrict user apps from sending kernel RPC messagesurl:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMRQVOTASD3VZP6GE4JJHE27QU6FHTZ6/

Trust: 0.8

title:Linux kernel Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144241

Trust: 0.6

sources: JVNDB: JVNDB-2021-004458 // CNNVD: CNNVD-202103-961

EXTERNAL IDS

db:NVDid:CVE-2021-28375

Trust: 3.0

db:PACKETSTORMid:162167

Trust: 0.8

db:PACKETSTORMid:162695

Trust: 0.8

db:PACKETSTORMid:162541

Trust: 0.8

db:JVNDBid:JVNDB-2021-004458

Trust: 0.8

db:CNNVDid:CNNVD-202103-961

Trust: 0.7

db:AUSCERTid:ESB-2021.1231

Trust: 0.6

db:AUSCERTid:ESB-2021.1307

Trust: 0.6

db:AUSCERTid:ESB-2021.1299

Trust: 0.6

db:AUSCERTid:ESB-2021.2136

Trust: 0.6

db:AUSCERTid:ESB-2021.1623

Trust: 0.6

db:AUSCERTid:ESB-2021.2606

Trust: 0.6

db:AUSCERTid:ESB-2021.1766

Trust: 0.6

db:AUSCERTid:ESB-2021.1694

Trust: 0.6

db:PACKETSTORMid:162550

Trust: 0.2

db:PACKETSTORMid:162543

Trust: 0.2

db:VULHUBid:VHN-387803

Trust: 0.1

sources: VULHUB: VHN-387803 // JVNDB: JVNDB-2021-004458 // PACKETSTORM: 162167 // PACKETSTORM: 162695 // PACKETSTORM: 162541 // PACKETSTORM: 162550 // PACKETSTORM: 162543 // CNNVD: CNNVD-202103-961 // NVD: CVE-2021-28375

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-28375

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20210401-0003/

Trust: 1.7

url:https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/omrqvotasd3vzp6ge4jjhe27qu6fhtz6/

Trust: 1.0

url:https://lore.kernel.org/stable/yd03ew7+6v0xph6l%40kroah.com/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xaunydtge6mb4nwl2sihpcodclet3jzb/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tjpvqzpy3dhpv5i3ivnmsmo6d3pkzisx/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xaunydtge6mb4nwl2sihpcodclet3jzb/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/omrqvotasd3vzp6ge4jjhe27qu6fhtz6/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tjpvqzpy3dhpv5i3ivnmsmo6d3pkzisx/

Trust: 0.7

url:https://lore.kernel.org/stable/yd03ew7+6v0xph6l@kroah.com/

Trust: 0.7

url:https://source.android.com/security/bulletin/2021-08-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1623

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1766

Trust: 0.6

url:https://packetstormsecurity.com/files/162167/ubuntu-security-notice-usn-4911-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2606

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1307

Trust: 0.6

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202110-0000001162680040

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-28375

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1231

Trust: 0.6

url:https://packetstormsecurity.com/files/162695/ubuntu-security-notice-usn-4945-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2136

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-fastrpc-internal-invoke-34854

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1299

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1694

Trust: 0.6

url:https://packetstormsecurity.com/files/162541/ubuntu-security-notice-usn-4945-1.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-25639

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-29650

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-28038

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-29265

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30002

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-4945-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-28660

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-29646

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-4911-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1021.22

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28950

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1035.38

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1035.38~18.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4945-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1047.49~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1043.45

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1047.49

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1043.46~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1015.16

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1015.16~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1044.47~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1043.46

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1048.50~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.4.0-73.82

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1039.40

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-73.82~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1045.49

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1043.45~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1048.50

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1029.30

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1024.27

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26930

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4949-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1027.29

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-53.60~20.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29266

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3489

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.8.0-53.60

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26931

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1031.32

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1032.34

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29264

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3490

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1033.35

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35519

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4947-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1056.60

Trust: 0.1

sources: VULHUB: VHN-387803 // JVNDB: JVNDB-2021-004458 // PACKETSTORM: 162167 // PACKETSTORM: 162695 // PACKETSTORM: 162541 // PACKETSTORM: 162550 // PACKETSTORM: 162543 // CNNVD: CNNVD-202103-961 // NVD: CVE-2021-28375

CREDITS

Ubuntu

Trust: 1.1

sources: PACKETSTORM: 162167 // PACKETSTORM: 162695 // PACKETSTORM: 162541 // PACKETSTORM: 162550 // PACKETSTORM: 162543 // CNNVD: CNNVD-202103-961

SOURCES

db:VULHUBid:VHN-387803
db:JVNDBid:JVNDB-2021-004458
db:PACKETSTORMid:162167
db:PACKETSTORMid:162695
db:PACKETSTORMid:162541
db:PACKETSTORMid:162550
db:PACKETSTORMid:162543
db:CNNVDid:CNNVD-202103-961
db:NVDid:CVE-2021-28375

LAST UPDATE DATE

2024-11-23T19:38:10.423000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-387803date:2023-02-24T00:00:00
db:JVNDBid:JVNDB-2021-004458date:2021-11-22T08:57:00
db:CNNVDid:CNNVD-202103-961date:2022-07-14T00:00:00
db:NVDid:CVE-2021-28375date:2024-11-21T05:59:36.483

SOURCES RELEASE DATE

db:VULHUBid:VHN-387803date:2021-03-15T00:00:00
db:JVNDBid:JVNDB-2021-004458date:2021-11-22T00:00:00
db:PACKETSTORMid:162167date:2021-04-13T22:55:55
db:PACKETSTORMid:162695date:2021-05-19T14:19:27
db:PACKETSTORMid:162541date:2021-05-12T13:50:45
db:PACKETSTORMid:162550date:2021-05-12T13:52:46
db:PACKETSTORMid:162543date:2021-05-12T13:51:05
db:CNNVDid:CNNVD-202103-961date:2021-03-15T00:00:00
db:NVDid:CVE-2021-28375date:2021-03-15T05:15:13.740