QID 352366

<DIV ID="issue_overview"> kernel: refcount leak in llcp_sock_bind() (cve-2020-25670 ) kernel: refcount leak in llcp_sock_connect() (cve-2020-25671 ) kernel: memory leak in llcp_sock_connect() (cve-2020-25672 ) an issue was discovered in the linux kernel related to mm/gup.c and mm/huge_memory.c.
The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access. (
cve-2020-29374 ) a use-after-free flaw was found in the linux kernel's sctp socket functionality that triggers a race condition.
This flaw allows a local user to escalate their privileges on the system.
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (
cve-2021-23133 ) the fix for xsa-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values.
This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.
The lack of cleanup would result in leaking persistent grants.
The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains.
All linux versions having the fix for xsa-365 applied are vulnerable.
Xsa-365 was classified to affect versions back to at least 3.11. (
cve-2021-28688 ) a race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the linux kernel in btrfs file-system.
This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation.
The highest threat from this vulnerability is to system availability. (
cve-2021-28964 ) a flaw was found in the linux kernel.
On some haswell cpus, userspace applications (such as perf-fuzzer) can cause a system crash because the pebs status in a pebs record is mishandled. (
cve-2021-28971 ) a flaw was found in the linux kernels ebpf implementation.
By default, accessing the ebpf verifier is only accessible to privileged users with cap_sys_admin.
a local user with the ability to insert ebpf instructions can abuse a flaw in ebpf to corrupt memory.
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (
cve-2021-29154 ) a vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the linux kernel mechanism to mitigate speculatively out-of-bounds loads (spectre mitigation).
In this flaw a local, special user privileged (cap_sys_admin) bpf program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory.
This can be abused to extract contents of kernel memory via side-channel. (
By default, accessing the ebpf verifier is only accessible to privileged users with cap_sys_admin.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.</DIV>

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.