what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2021-28691

Status Candidate

Overview

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.

Related Files

Ubuntu Security Notice USN-5050-1
Posted Aug 24, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5050-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2021-28691, CVE-2021-3564, CVE-2021-3573, CVE-2021-38208
SHA-256 | 15f18b4a1645df7896d1474336043a68629898f3145352b2946dd200efd3f028
Download | Favorite | View
Ubuntu Security Notice USN-5046-1
Posted Aug 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5046-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2021-28691, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587
SHA-256 | 911bcc859f7a0c9a9d1bae83c2f53e3ca1b9840869a5229252148bb51ba89399
Download | Favorite | View
Ubuntu Security Notice USN-5015-1
Posted Jul 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5015-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28691, CVE-2021-33909, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587
SHA-256 | 938c07de4b780e3bfb12805558bfd4d0031ce2064450b55479b032547a6502ec
Download | Favorite | View
Gentoo Linux Security Advisory 202107-30
Posted Jul 13, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-30 - Multiple vulnerabilities have been found in Xen, the worst of which could result in privilege escalation. Versions less than 4.15.0-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-29479, CVE-2020-29486, CVE-2020-29487, CVE-2020-29566, CVE-2020-29567, CVE-2020-29568, CVE-2020-29569, CVE-2020-29570, CVE-2020-29571, CVE-2021-0089, CVE-2021-26313, CVE-2021-28687, CVE-2021-28690, CVE-2021-28691, CVE-2021-28692, CVE-2021-28693, CVE-2021-3308
SHA-256 | 36d5f476b51c23defc6f7d17ba7518ef98181a7154a78a23daa94e2802513ab7
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close