Red Hat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26

Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153

Vulnerabilities

Page 28 of 87
CVE-2021-3653 | HIGH | CVSS 8.8 | v7.0 | 2021-09-29
CWE-862: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt
nvd
CVE-2021-40438 | CRITICAL | CVSS 9.0 | KEV | PoC | v8.0 | 2021-09-16
CWE-918: A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
nvd
CVE-2021-33285 | HIGH | CVSS 7.8 | v7.0, v8.0 | 2021-09-07
CWE-787: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is
nvd
CVE-2021-39251 | HIGH | CVSS 7.8 | v7.0, v8.0 | 2021-09-07
CWE-476: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
nvd
CVE-2021-3634 | MEDIUM | CVSS 6.5 | v8.0 | 2021-08-31
CWE-787: A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically
nvd
CVE-2021-40153 | HIGH | CVSS 8.1 | v7.0, v8.0 | 2021-08-27
CWE-22: squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
nvd
CVE-2021-3605 | MEDIUM | CVSS 5.5 | v8.0 | 2021-08-25
CWE-119: There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
nvd
CVE-2021-3573 | MEDIUM | CVSS 6.4 | v6.0, v7.0, +1 more | 2021-08-13
CWE-362: A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls ioctl HCIUNBLOCKADDR or otherwise triggers a race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local u
nvd
CVE-2021-3635 | MEDIUM | CVSS 4.4 | v6.0, v7.0, +1 more | 2021-08-13
CWE-119: A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
nvd
CVE-2021-20314 | CRITICAL | CVSS 9.8 | v7.0 | 2021-08-12
CWE-787: Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.
nvd
CVE-2021-38160 | HIGH | CVSS 7.8 | v8.0 | 2021-08-07
CWE-120: In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in
nvd
CVE-2021-3580 | HIGH | CVSS 7.5 | v7.0, v8.0 | 2021-08-05
CWE-20: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
nvd
CVE-2021-3682 | HIGH | CVSS 8.5 | v8.0 | 2021-08-05
CWE-763: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code
nvd
CVE-2021-3679 | MEDIUM | CVSS 5.5 | v8.0 | 2021-08-05
CWE-400: A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources, causing denial of service.
nvd
CVE-2021-3655 | LOW | CVSS 3.3 | v8.0 | 2021-08-05
CWE-909: A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
nvd
CVE-2021-3570 | HIGH | CVSS 8.8 | v6.0, v7.0, +1 more | 2021-07-09
CWE-119: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw
nvd
CVE-2021-3612 | HIGH | CVSS 7.8 | v7.0, v8.0 | 2021-07-09
CWE-20: An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well
nvd
CVE-2021-3571 | HIGH | CVSS 7.1 | v8.0 | 2021-07-09
CWE-119: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw aff
nvd
CVE-2021-3598 | MEDIUM | CVSS 5.5 | v8.0 | 2021-07-06
CWE-119: There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
nvd
CVE-2021-3593 | LOW | CVSS 3.8 | v8.0 | 2021-06-15
CWE-824: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest
nvd