A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This is the proof of concept exploit produced by Google.
7e21453bd35ea03ac243c883156335ec9936d2ef9ea62d6308ff99dc3b26d7a5
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Other vulnerabilities have also been addressed.
ddd1e7fc677c2b02d3351058bf31466aa231865f93abfb9cdfa1d1ca55622f8d
Red Hat Security Advisory 2021-3812-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and out of bounds write vulnerabilities.
d2eac6f1add09be972a2780c9efa45b78b7848496f88beb863ed2785ea677c2b
Red Hat Security Advisory 2021-3814-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include bypass and out of bounds write vulnerabilities.
3b1a2d1cc68dcb5014deed6689fcfa5c1174b58abbd6f4aaeb3a5cb1167ea7dd
A heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through user name space. Kernels up to and including 5.11 are vulnerable.
7caefc49d920cc0b0d58e9ad762b7ffbd02e62e1e3225217c8586f8867ea42e8
Red Hat Security Advisory 2021-3725-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and out of bounds write vulnerabilities.
7f735d3b9f335568e537bf87b297d4d999b27ae17dfdcdf3cbb9a64d9adf1e4d
Red Hat Security Advisory 2021-3653-01 - Red Hat Advanced Cluster Management 2.1.11 security fix and container updates are available.
15f863255ce01b9af4125b6f699165597020889114335a232c7f75076dc7e35c
Red Hat Security Advisory 2021-3598-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
3a62781802214e6eb77a0d28fc9fa05ebee3d12366b8219cccc000ace400db7e
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Various other vulnerabilities were also addressed.
051e461652f3d7e1d5f1bd5ab2e8d9f2f9a398877fa90de84818f4955d1a2074
Red Hat Security Advisory 2021-3522-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.
278d2ed0c28bf6ba05340a155eedabad14fb059810dc71e27737038d8af09c83
Red Hat Security Advisory 2021-3523-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.
bdb0a589be9a82bc80e26fb172ccb2ff8eb347e0cd4360a09c342425bdded3fb
Red Hat Security Advisory 2021-3477-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution, out of bounds write, and use-after-free vulnerabilities.
7dba6acf5672fd4d58b17b842295a37b3063e17a6e0780b04cab5d26aa25cbaf
Red Hat Security Advisory 2021-3454-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.
ededc503492f31daf90a74b29a6e64b1e7ee98978cd963f10901af9667484f8e
Red Hat Security Advisory 2021-3262-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.28.
f37b42defebec364c01fe40a389041ab038a2ebaa9c66663dc7cc5a6686caeaf
Red Hat Security Advisory 2021-3399-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.
4494ee8b7be74847e36f59f258843bd1c2d73737a8e168d20950d6eff4f12b59
Red Hat Security Advisory 2021-3381-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
64ce0e25045c339f14c4a8015442e0483e1eed693fd40f56c2b86d3191f7fd92
Red Hat Security Advisory 2021-3363-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
1f8f21e611320f4e79e73a3064cf1dab34e3b8f319ead8c25c286bd61668aeb0
Red Hat Security Advisory 2021-3327-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, out of bounds write, and privilege escalation vulnerabilities.
b20ba2534d111110aaf1bd0add4dc3ab65b04821835470cce71af9635bd44116
Red Hat Security Advisory 2021-3328-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and privilege escalation vulnerabilities.
4f52d608a26aeced8b46022c6a00a641c50b6115116bab7260c93d4977dbab6a
Red Hat Security Advisory 2021-3380-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
9161de7815c9e09218556b1e1c9ba84b4482049c547b905f2b2aed15769d346a
Red Hat Security Advisory 2021-3375-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
3c42c7d7a3330ceecd8088a3c0d1507737c090dc39a9cee63488a3848aae6ae1
Red Hat Security Advisory 2021-3361-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a memory exhaustion vulnerability.
fa8792e889cba4980e5e69cc42c59e3108310c2072dfb34fffb0c3a8644d9099
Red Hat Security Advisory 2021-3321-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.
851ca164d09e57cc1cdce90971357142a9a5fc493377a1dacc6c0d53b0d73c12
Red Hat Security Advisory 2021-3235-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, bypass, code execution, out of bounds write, and privilege escalation vulnerabilities.
f286c4f6d85e2f33403a2dacd758e8f35f083b2b3b3b066fb546a1d7034c2479
Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
4af31b963bddcf331a7037ea35c40e4fbfd445f815d8756856219abad1f16c71