Log - Arch Linux


AVG-2557 edited at 28 Nov 2021 17:53:36
Status
- Vulnerable
+ Unknown
AVG-1741 edited at 27 Nov 2021 13:11:11
Issues
CVE-2021-3542
CVE-2021-3669
CVE-2021-3752
CVE-2021-3759
CVE-2021-3847
CVE-2021-4001
+ CVE-2021-4023
CVE-2021-29648
CVE-2021-30178
CVE-2021-43975
CVE-2021-43976
AVG-2524 edited at 27 Nov 2021 13:10:48
Issues
CVE-2021-3759
CVE-2021-4001
CVE-2021-4002
+ CVE-2021-4023
AVG-2523 edited at 27 Nov 2021 13:10:26
Issues
CVE-2021-3759
+ CVE-2021-4023
AVG-2522 edited at 27 Nov 2021 13:10:18
Issues
CVE-2021-3759
+ CVE-2021-4023
CVE-2021-4023 edited at 27 Nov 2021 13:09:36
References
https://bugzilla.redhat.com/show_bug.cgi?id=2026484
https://lkml.org/lkml/2021/9/8/64
- https://git.kernel.dk/cgit/linux-block/commit/?h=io_uring-5.15&id=713b9825a4c47897f66ad69409581e7734a8728e
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=713b9825a4c47897f66ad69409581e7734a8728e
CVE-2021-4023 created at 27 Nov 2021 13:09:19
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ A security issue was found in the io-workqueue implementation in the Linux kernel before version 5.15. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This allows a local user with permissions to execute io-uring requests to possibly crash the system.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=2026484
+ https://lkml.org/lkml/2021/9/8/64
+ https://git.kernel.dk/cgit/linux-block/commit/?h=io_uring-5.15&id=713b9825a4c47897f66ad69409581e7734a8728e
Notes
AVG-2591 edited at 27 Nov 2021 13:03:37
Severity
- Unknown
+ Medium
CVE-2021-4024 edited at 27 Nov 2021 13:03:37
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in Podman. The "podman machine" function (used to create and manage a Podman virtual machine containing a Podman process) spawns a "gvproxy" process on the host system. The "gvproxy" API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the "gvproxy" API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host's services by forwarding all ports to the VM.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=2026675
+ https://twitter.com/discordianfish/status/1463462371675066371
Notes
AVG-2591 created at 27 Nov 2021 13:01:33
Packages
+ podman
Issues
+ CVE-2021-4024
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 3.4.2-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-4024 created at 27 Nov 2021 13:01:33
AVG-2590 edited at 27 Nov 2021 12:59:54
Severity
- Unknown
+ Low
CVE-2021-4022 edited at 27 Nov 2021 12:59:54
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A specially crafted binary can make rizin segfault when it tries to analyze it (doing a full analysis with aaa).
References
+ https://github.com/rizinorg/rizin/issues/2015
+ https://github.com/rizinorg/rizin/pull/2031
+ https://github.com/rizinorg/rizin/commit/21584e416cdcef2fa7d855c5aabf592a965f0e8d
Notes