{"id":"ALSA-2021:4356","summary":"Moderate: kernel security, bug fix, and enhancement update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427)\n* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n* kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)\n* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt()  (CVE-2020-36386)\n* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n* kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n* kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n* kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n* kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155)\n* kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n* kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650)\n* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n* kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n* kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n* kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n* kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)","modified":"2026-02-04T03:58:02.005358Z","published":"2021-11-09T09:08:02Z","related":["CVE-2020-0427","CVE-2020-24502","CVE-2020-24503","CVE-2020-24504","CVE-2020-24586","CVE-2020-24587","CVE-2020-24588","CVE-2020-26139","CVE-2020-26140","CVE-2020-26141","CVE-2020-26143","CVE-2020-26144","CVE-2020-26145","CVE-2020-26146","CVE-2020-26147","CVE-2020-27777","CVE-2020-29368","CVE-2020-29660","CVE-2020-36158","CVE-2020-36386","CVE-2021-0129","CVE-2021-20194","CVE-2021-20239","CVE-2021-23133","CVE-2021-28950","CVE-2021-28971","CVE-2021-29155","CVE-2021-29646","CVE-2021-29650","CVE-2021-31440","CVE-2021-31829","CVE-2021-31916","CVE-2021-33200","CVE-2021-3348","CVE-2021-3489","CVE-2021-3564","CVE-2021-3573","CVE-2021-3600","CVE-2021-3635","CVE-2021-3659","CVE-2021-3679","CVE-2021-3732"],"references":[{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-14615"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-0427"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-24502"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-24503"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-24504"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-24586"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-24587"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-24588"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-26139"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-26140"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-26141"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-26143"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-26144"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-26145"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-26146"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-26147"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-27777"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-29368"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-29660"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-36158"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-36312"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-36386"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-0129"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-20194"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-20239"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-23133"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-28950"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-28971"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-29155"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-29646"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-29650"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-31440"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-31829"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-31916"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-33033"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-33200"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3348"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3489"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3564"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3573"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3600"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3635"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3659"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3679"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3732"}],"affected":[{"package":{"name":"kernel-tools-libs-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-tools-libs-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4356.json"}}],"schema_version":"1.7.3"}