漏洞信息详情
Linux kernel 缓冲区错误漏洞
- CNNVD编号:CNNVD-202107-321 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2021-22555
- 漏洞类型: 缓冲区错误
- 发布时间: 2021-07-07
- 威胁类型: 本地
- 更新时间: 2021-12-01
- 厂 商:
- 漏洞来源: Andy Nguyen
-
漏洞简介
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
Linux kernel存在缓冲区错误漏洞,该漏洞源于net/netfilter/x_tables.c 中的堆越界写入。该漏洞允许攻击者通过用户名空间获得权限或引起 DoS。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
参考网址
来源:MISC
链接:https://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
来源:MISC
链接:https://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20210805-0010/
来源:MISC
链接:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
来源:MISC
链接:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
来源:MISC
链接:https://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
来源:MISC
链接:https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
来源:MISC
链接:https://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021090130
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2899
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2655
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3304
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2583
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2621
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021090924
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021090129
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3070
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-via-xt-compat-match-from-user-35919
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021083123
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2547
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2589
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163999/Red-Hat-Security-Advisory-2021-3381-01.html
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6520472
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164012/Red-Hat-Security-Advisory-2021-3399-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2752
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2597
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2794
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3168
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163822/Ubuntu-Security-Notice-USN-5039-1.html
来源:cxsecurity.com
链接:https://cxsecurity.com/issue/WLB-2021070136
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021082206
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164282/Red-Hat-Security-Advisory-2021-3653-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2959
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164028/Red-Hat-Security-Advisory-2021-3262-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3211
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2444
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3015
来源:cxsecurity.com
链接:https://cxsecurity.com/issue/WLB-2021070103
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164102/Red-Hat-Security-Advisory-2021-3477-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2021-22555
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3050
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021101336
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164223/Red-Hat-Security-Advisory-2021-3598-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163767/Red-Hat-Security-Advisory-2021-3044-01.html
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-22555
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164076/Red-Hat-Security-Advisory-2021-3454-01.html
来源:www.exploit-db.com
链接:https://www.exploit-db.com/exploits/50135
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164477/Red-Hat-Security-Advisory-2021-3814-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2452
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021092811
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2691
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2773
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021100618
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3388
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163865/Red-Hat-Security-Advisory-2021-3173-01.html
受影响实体
暂无
补丁
- Linux kernel 缓冲区错误漏洞的修复措施<!--2021-7-7-->
还没有评论,来说两句吧...