jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d1132d88d2
cvrf2cusa/cvrf/2021/cvrf-openEuler-SA-2021-1453.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

199 lines
18 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2021-1453</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2021-12-07</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2021-12-07</InitialReleaseDate>
<CurrentReleaseDate>2021-12-07</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2021-12-07</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">kernel security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">The Linux Kernel, the operating system core itself.
Security Fix(es):
A memory overflow vulnerability was found in the Linux kernels ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2021-3759)
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.(CVE-2021-3753)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">kernel</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1453</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3759</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3753</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-3759</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-3753</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">openEuler-20.03-LTS-SP2</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-debuginfo-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debuginfo-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-debugsource-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debugsource-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-source-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-source-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-devel-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-devel-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-debuginfo-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="bpftool-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="perf-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-debuginfo-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-devel-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-devel-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="perf-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-debuginfo-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python2-perf-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-debuginfo-4.19.90-2111.7.0.0125.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-devel-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-tools-devel-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-devel-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-devel-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python2-perf-debuginfo-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="perf-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">perf-debuginfo-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-tools-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-perf-debuginfo-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="perf-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">perf-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-perf-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-source-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-source-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">bpftool-debuginfo-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="bpftool-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">bpftool-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-debuginfo-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-debugsource-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-debugsource-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python2-perf-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python2-perf-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-tools-debuginfo-4.19.90-2111.7.0.0124.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="kernel-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2111.7.0.0125.oe1.src.rpm</FullProductName>
<FullProductName ProductID="kernel-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-4.19.90-2111.7.0.0124.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-debuginfo-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debuginfo-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-debugsource-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debugsource-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-source-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-source-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-devel-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-devel-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-debuginfo-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="bpftool-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="perf-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-debuginfo-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-devel-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-devel-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="perf-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-debuginfo-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python2-perf-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2111.7.0.0125" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-debuginfo-4.19.90-2111.7.0.0125.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-devel-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-tools-devel-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-devel-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-devel-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python2-perf-debuginfo-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="perf-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">perf-debuginfo-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-tools-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-perf-debuginfo-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="perf-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">perf-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python3-perf-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-source-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-source-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">bpftool-debuginfo-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="bpftool-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">bpftool-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-debuginfo-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-debugsource-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-debugsource-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python2-perf-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">python2-perf-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2111.7.0.0124" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">kernel-tools-debuginfo-4.19.90-2111.7.0.0124.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A memory overflow vulnerability was found in the Linux kernels ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.</Note>
</Notes>
<ReleaseDate>2021-12-07</ReleaseDate>
<CVE>CVE-2021-3759</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2021-12-07</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1453</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.</Note>
</Notes>
<ReleaseDate>2021-12-07</ReleaseDate>
<CVE>CVE-2021-3753</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>4.7</BaseScore>
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2021-12-07</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1453</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink