Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-28688

Published: 06/04/2021 Updated: 27/05/2022
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Linux Kernel

Vulnerability Summary

It exists that the aufs file system in the Linux kernel did not properly maintain POSIX ACL xattr data, when mounted with the non-default allow_userns option. A local attacker could possibly use this to gain elevated privileges. (CVE-2016-2854) ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 9.0

Vendor Advisories

Ubuntu Security Notice: USN-5343-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Amazon Linux AMI: ALAS-2021-1503
kernel: refcount leak in llcp_sock_bind() (CVE-2020-25670) kernel: refcount leak in llcp_sock_connect() (CVE-2020-25671) kernel: memory leak in llcp_sock_connect() (CVE-2020-25672) An issue was discovered in the Linux kernel related to mm/gupc and mm/huge_memoryc The get_user_pages (aka gup) implementation, when used for a copy-on-write page, do ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-002
An issue was discovered in the Linux kernel Fastrpc_internal_invoke in drivers/misc/fastrpcc does not prevent user applications from sending kernel RPC messages This is a related issue to CVE-2019-2308 (CVE-2021-28375) A flaw was found in the Linux kernel The rtw_wx_set_scan driver allows writing beyond the end of the ->ssid[] array The hi ...
Amazon Linux 2: ALAS2-2021-1627
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_bufferc in the Linux kernel before 539 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (CVE-2019-19060) A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel The code in the kernel/bpf/verifier ...
Arch Linux Issues:
A security issue was found in the Linux kernel before version 51111, as used by Xen A malicious or buggy frontend driver may be able to cause resource leaks from the corresponding backend driver This can result in a host-wide Denial of Sevice (DoS) ...
Citrix Security Bulletins: Citrix Hypervisor Security Update
Two security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow privileged code in a guest VM to cause the host to crash or become unresponsive ...

References

CWE-665https://xenbits.xenproject.org/xsa/advisory-371.txthttps://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlhttps://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlhttps://ubuntu.com/security/notices/USN-5343-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook