Slackware Linux update for kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 32 |
| CVE-ID | CVE-2021-33909 CVE-2019-19060 CVE-2019-19061 CVE-2021-28660 CVE-2021-20261 CVE-2021-29265 CVE-2019-16232 CVE-2021-28964 CVE-2021-28972 CVE-2021-28688 CVE-2021-3483 CVE-2021-29154 CVE-2021-22555 CVE-2020-25672 CVE-2020-25673 CVE-2020-25670 CVE-2020-25671 CVE-2021-33034 CVE-2017-0605 CVE-2021-31916 CVE-2020-26558 CVE-2021-0129 CVE-2020-24587 CVE-2020-24586 CVE-2020-24588 CVE-2020-26139 CVE-2020-26147 CVE-2021-29650 CVE-2021-32399 CVE-2021-3564 CVE-2021-3573 CVE-2021-34693 |
| CWE-ID | CWE-190 CWE-401 CWE-787 CWE-362 CWE-476 CWE-119 CWE-665 CWE-416 CWE-77 CWE-400 CWE-264 CWE-254 CWE-284 CWE-20 CWE-451 CWE-415 CWE-908 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Vulnerability #13 is being exploited in the wild. |
| Vulnerable software |
Slackware Linux Operating systems & Components / Operating system linux-4.4.276/kernel-headers Operating systems & Components / Operating system package or component linux-4.4.276/kernel-modules Operating systems & Components / Operating system package or component linux-4.4.276/kernel-huge Operating systems & Components / Operating system package or component linux-4.4.276/kernel-generic Operating systems & Components / Operating system package or component |
| Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 32 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU55143
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2021-33909
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow during size_t-to-int conversion when creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB. An unprivileged local user can write up to 10-byte string to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.
Successful exploitation of vulnerability may allow an attacker to exploit the our-of-bounds write vulnerability to execute arbitrary code with root privileges.
Update the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Memory leak
EUVDB-ID: #VU24430
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-19060
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "adis_update_scan_mode()" function in d"rivers/iio/imu/adis_buffer.c" file. A local user can perform a denial of service attack.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU24432
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-19061
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "adis_update_scan_mode_burst()" function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows a local user to cause a denial of service (memory consumption).
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU56817
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28660
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "rtw_wx_set_scan" in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c. A local user can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Race condition
EUVDB-ID: #VU91489
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-20261
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to a race condition within the set_fdc(), do_format(), user_reset_fdc(), set_geometry(), get_floppy_geometry(), fd_locked_ioctl(), floppy_check_events() and floppy_revalidate() functions in drivers/block/floppy.c. A local privileged user can execute arbitrary code.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Race condition
EUVDB-ID: #VU91488
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29265
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the usbip_sockfd_store() function in drivers/usb/usbip/stub_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Null pointer dereference
EUVDB-ID: #VU92782
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-16232
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Race condition
EUVDB-ID: #VU63573
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28964
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a race condition in the get_old_root() function in fs/btrfs/ctree.c component in the Linux kernel. A local user can exploit the race and perform a denial of service attack.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU56819
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28972
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the drivers/pci/hotplug/rpadlpar_sysfs.c. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Initialization
EUVDB-ID: #VU63658
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28688
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. A local user can perform a denial of service attack.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU63659
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3483
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Nosy driver in the Linux kernel. A local user can trigger use-after-free and to escalate privileges on the system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Command Injection
EUVDB-ID: #VU56241
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29154
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.
Update the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU56017
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2021-22555
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Update the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
14) Memory leak
EUVDB-ID: #VU63654
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-25672
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the NFC LLCP protocol implementation when triggering the llcp_sock_connect() function. A remote attacker can force the application to leak memory and perform denial of service attack.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource exhaustion
EUVDB-ID: #VU63656
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25673
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control consumption of internal resources in non-blocking socket in llcp_sock_connect() function. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU63652
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25670
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can perform manipulation with an unknown input for the llcp_sock_bind() function to crash or escalate their privileges on the system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU63653
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25671
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can trigger the llcp_sock_connect() function to crash or escalate their privileges on the system.
Update the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU54454
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-33034
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in net/bluetooth/hci_event.c when destroying an hci_chan. A local user can escalate privileges on the system.
Update the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Privilege escalation
EUVDB-ID: #VU7252
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-0605
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges.
The weakness exists due to a flaw in the kernel trace subsystem. A local attacker can run a specially crafted application and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds write
EUVDB-ID: #VU63574
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-31916
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module. A special user (CAP_SYS_ADMIN) can trigger a buffer overflow in the ioctl for listing devices and escalate privileges on the system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Security features bypass
EUVDB-ID: #VU53579
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26558
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.
Note: This vulnerability affects the following specifications:
- BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
- BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2
- LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2
Mitigation
Update the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper access control
EUVDB-ID: #VU54202
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0129
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker on the local network can bypass implemented security restrictions and enable information disclosure
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information disclosure
EUVDB-ID: #VU53096
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24587
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Wireless Networking. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU53154
Risk: Low
CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24586
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the 802.11 standard due to the affected device does not clear its cache/memory to remove fragments of an incomplete MSDU/MMPDU from previous session after reconnection/reassociation. A remote attacker on the local network can perform a fragment cache attack and perform a denial of service (DoS) attack.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Spoofing attack
EUVDB-ID: #VU53098
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24588
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU53174
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26139
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to forwarding EAPOL frames even though the sender is not yet authenticated. A remote attacker on the local network can cause a denial of service (DoS) condition on the target system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU53172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. A remote attacker on the local network can inject packets and/or exfiltrate selected fragments
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU56240
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29650
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.
Update the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Race condition
EUVDB-ID: #VU55257
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-32399
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition for removal of the HCI controller within net/bluetooth/hci_request.c in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Double Free
EUVDB-ID: #VU63660
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3564
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service attack.
The vulnerability exists due to bluetooth subsystem in the Linux kernel does not properly handle HCI device detach events. An attacker with physical access to the system can trigger double free error and perform a denial of service attack.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU63662
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3573
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows local user to escalate their privileges on the system.
The vulnerability exists due to a use-after-free in hci_sock_bound_ioctl() function of the Linux kernel HCI subsystem triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user can use this flaw to crash the system or escalate privileges on the system.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use of uninitialized resource
EUVDB-ID: #VU55263
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-34693
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
MitigationUpdate the affected package kernel.
Vulnerable software versionsSlackware Linux: 14.2
linux-4.4.276/kernel-headers: before 4.4.276_smp
linux-4.4.276/kernel-modules: before 4.4.276
linux-4.4.276/kernel-huge: before 4.4.276
linux-4.4.276/kernel-generic: before 4.4.276
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-headers:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-modules:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-huge:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:o:slackware:linux-4.4.276_kernel-generic:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
