漏洞信息详情
Linux kernel 命令注入漏洞
- CNNVD编号:CNNVD-202104-471 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2021-29154
- 漏洞类型: 命令注入
- 发布时间: 2021-04-08
- 威胁类型: 本地
- 更新时间: 2021-12-01
- 厂 商:
- 漏洞来源: Benjamin M. Romer
-
漏洞简介
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
Linux kernel 存在命令注入漏洞,该漏洞源于BPF JIT compilers编译器中不正确的计算,攻击者可利用该漏洞执行任意代码。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
参考网址
来源:MISC
链接:https://www.openwall.com/lists/oss-security/2021/04/08/1
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
来源:MISC
链接:https://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20210604-0006/
来源:MISC
链接:https://news.ycombinator.com/item?id=26757760
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162216/Ubuntu-Security-Notice-USN-4917-1.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164282/Red-Hat-Security-Advisory-2021-3653-01.html
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021090130
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2217
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162303/Ubuntu-Security-Notice-USN-4916-2.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1962
来源:source.android.com
链接:https://source.android.com/security/bulletin/pixel/2021-07-01
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162168/Ubuntu-Security-Notice-USN-4912-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1307
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2957
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1669
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3211
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1372
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1251
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2368
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3015
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1299
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1331
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1694
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1819
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Linux-kernel-code-execution-via-BPF-Branch-Displacements-35035
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1635
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1655
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2589
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164076/Red-Hat-Security-Advisory-2021-3454-01.html
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6520472
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-29154
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021092811
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2136
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2021-29154
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163987/Red-Hat-Security-Advisory-2021-3327-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2291
受影响实体
暂无
补丁
- Linux kernel 安全漏洞的修复措施<!--2021-4-8-->
还没有评论,来说两句吧...