ALSA-2021:1578
- Source
- https://errata.almalinux.org/8/ALSA-2021-1578.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:1578.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2021:1578
- Related
- Published
- 2021-05-18T05:33:57Z
- Modified
- 2021-08-11T08:54:00Z
- Summary
- Important: kernel security, bug fix, and enhancement update
- Details
-
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
kernel: memory leak in sofsetgetlargectrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)
kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)
kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)
kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)
kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)
kernel: use-after-free in usbsgcancel function in drivers/usb/core/message.c (CVE-2020-12464)
kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)
kernel: NULL pointer dereference in serial8250isainitports function in drivers/tty/serial/8250/8250core.c (CVE-2020-15437)
kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)
kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)
kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)
kernel: improper input validation in pppcpparse_cr function leads to memory corruption and read overflow (CVE-2020-25643)
kernel: perfeventparseaddrfilter memory (CVE-2020-25704)
kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)
kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)
kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)
kernel: fork: fix copyprocess(CLONEPARENT) race with the exiting ->real_parent (CVE-2020-35508)
kernel: fuse: fusedogetattr() calls makebadinode() in inappropriate situations (CVE-2020-36322)
kernel: use after free in tungetuser of tun.c could lead to local escalation of privilege (CVE-2021-0342)
kernel: NULL pointer dereferences in ov511modeinitregs and ov518modeinitregs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
- References
-
- https://vulners.com/cve/CVE-2019-18811
- https://vulners.com/cve/CVE-2019-19523
- https://vulners.com/cve/CVE-2019-19528
- https://vulners.com/cve/CVE-2020-0431
- https://vulners.com/cve/CVE-2020-11608
- https://vulners.com/cve/CVE-2020-12114
- https://vulners.com/cve/CVE-2020-12362
- https://vulners.com/cve/CVE-2020-12363
- https://vulners.com/cve/CVE-2020-12364
- https://vulners.com/cve/CVE-2020-12464
- https://vulners.com/cve/CVE-2020-14314
- https://vulners.com/cve/CVE-2020-14356
- https://vulners.com/cve/CVE-2020-15437
- https://vulners.com/cve/CVE-2020-24394
- https://vulners.com/cve/CVE-2020-25212
- https://vulners.com/cve/CVE-2020-25284
- https://vulners.com/cve/CVE-2020-25285
- https://vulners.com/cve/CVE-2020-25643
- https://vulners.com/cve/CVE-2020-25704
- https://vulners.com/cve/CVE-2020-27786
- https://vulners.com/cve/CVE-2020-27835
- https://vulners.com/cve/CVE-2020-28974
- https://vulners.com/cve/CVE-2020-35508
- https://vulners.com/cve/CVE-2020-36322
- https://vulners.com/cve/CVE-2021-0342
- https://vulners.com/cve/CVE-2021-0605