exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2021-28688

Status Candidate

Overview

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.

Related Files

Ubuntu Security Notice USN-5343-1
Posted Mar 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5343-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-2853, CVE-2016-2854, CVE-2018-5995, CVE-2019-19449, CVE-2020-12655, CVE-2020-25670, CVE-2020-25673, CVE-2020-26139, CVE-2020-26147, CVE-2020-26555, CVE-2020-26558, CVE-2020-36322, CVE-2020-36385, CVE-2021-20292, CVE-2021-20317, CVE-2021-23134, CVE-2021-28688, CVE-2021-28972, CVE-2021-29650, CVE-2021-32399, CVE-2021-33033, CVE-2021-33034, CVE-2021-33098, CVE-2021-34693, CVE-2021-3483, CVE-2021-3506, CVE-2021-3564
SHA-256 | f52b839ff13c30e863d5be66f515f639c4bbf6c3ac1911f54911c3a1db6abad1
Ubuntu Security Notice USN-4984-1
Posted Jun 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4984-1 - Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2021-28038, CVE-2021-28660, CVE-2021-28688, CVE-2021-28950, CVE-2021-28952, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29647, CVE-2021-30002, CVE-2021-31916, CVE-2021-33033, CVE-2021-3483
SHA-256 | 47d0f4a3952d8cf4b938ec83f7efd85bdb8431f9f1a68e359b4de49fcf50d2ed
Ubuntu Security Notice USN-4982-1
Posted Jun 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4982-1 - Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service. Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-25670, CVE-2020-25673, CVE-2021-28688, CVE-2021-28950, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29264, CVE-2021-29647, CVE-2021-31916, CVE-2021-3483
SHA-256 | 30a5afa51a330465bbea0807650492fe79f27388cc8ee9ac30d0e02a89f6de63
Ubuntu Security Notice USN-4948-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4948-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25670, CVE-2021-28688, CVE-2021-28951, CVE-2021-28952, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29264, CVE-2021-29266, CVE-2021-29646, CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-29657, CVE-2021-31916, CVE-2021-3483, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
SHA-256 | 957eb73e74d19d4c62c7116de0b476cf551491d297e087fb9602eff91b7ee985
Ubuntu Security Notice USN-4946-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4946-1 - It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schoenherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-20292, CVE-2021-26930, CVE-2021-26931, CVE-2021-28038, CVE-2021-28688, CVE-2021-29264, CVE-2021-29265, CVE-2021-29650, CVE-2021-30002
SHA-256 | 9dc6b159df273d7bcc3668b236d471f14d62790286458313509fbc9eb23c7579
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close