QID 671047
Date Published: 2021-11-29
QID 671047: EulerOS Security Update for kernel (EulerOS-SA-2021-2588)
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system.
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. (CVE-2021-3347)
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. (CVE-2021-3609)
A flaw in arch/arm64/kernel/sys.c in the Linux kernel allows local users to bypass the strict page permissions protection mechanism and modify the system-call table and, consequently, gain privileges by leveraging write access. (CVE-2015-8967)
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
A local user could use this flaw to crash the system.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
An arbitrary attacker may exploit this vulnerability to compromise the system.
CVEs related to QID 671047
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| EulerOS-SA-2021-2588 | EulerOS V2.0SP3 | | |