Filtered by vendor Netapp Subscriptions
Filtered by product Solidfire Baseboard Management Controller Firmware Subscriptions
Total 70 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-42252 2 Linux, Netapp 19 Linux Kernel, H300e, H300e Firmware and 16 more 2024-11-21 7.8 High
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
CVE-2021-42008 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, H300e and 17 more 2024-11-21 7.8 High
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
CVE-2021-41864 5 Debian, Fedoraproject, Linux and 2 more 25 Debian Linux, Fedora, Linux Kernel and 22 more 2024-11-21 7.8 High
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-3612 6 Debian, Fedoraproject, Linux and 3 more 26 Debian Linux, Fedora, Linux Kernel and 23 more 2024-11-21 7.8 High
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3506 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, Cloud Backup and 17 more 2024-11-21 7.1 High
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-3501 4 Fedoraproject, Linux, Netapp and 1 more 28 Fedora, Linux Kernel, Cloud Backup and 25 more 2024-11-21 7.1 High
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
CVE-2021-33574 5 Debian, Fedoraproject, Gnu and 2 more 21 Debian Linux, Fedora, Glibc and 18 more 2024-11-21 9.8 Critical
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVE-2021-32399 4 Debian, Linux, Netapp and 1 more 27 Debian Linux, Linux Kernel, Cloud Backup and 24 more 2024-11-21 7.0 High
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVE-2021-31440 3 Linux, Netapp, Redhat 19 Linux Kernel, Cloud Backup, H300e and 16 more 2024-11-21 7.0 High
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661.
CVE-2021-28972 3 Fedoraproject, Linux, Netapp 5 Fedora, Linux Kernel, Cloud Backup and 2 more 2024-11-21 6.7 Medium
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.
CVE-2021-28971 5 Debian, Fedoraproject, Linux and 2 more 10 Debian Linux, Fedora, Linux Kernel and 7 more 2024-11-21 5.5 Medium
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
CVE-2021-28964 4 Debian, Fedoraproject, Linux and 1 more 9 Debian Linux, Fedora, Linux Kernel and 6 more 2024-11-21 4.7 Medium
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.
CVE-2021-28952 3 Fedoraproject, Linux, Netapp 11 Fedora, Linux Kernel, A250 and 8 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)
CVE-2021-28951 3 Fedoraproject, Linux, Netapp 11 Fedora, Linux Kernel, A250 and 8 more 2024-11-21 5.5 Medium
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25.
CVE-2021-28660 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2024-11-21 8.8 High
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
CVE-2021-28375 3 Fedoraproject, Linux, Netapp 4 Fedora, Linux Kernel, Cloud Backup and 1 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
CVE-2021-28039 3 Linux, Netapp, Xen 4 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller Firmware and 1 more 2024-11-21 6.5 Medium
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.
CVE-2021-28038 3 Debian, Linux, Netapp 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more 2024-11-21 6.5 Medium
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
CVE-2021-27365 5 Debian, Linux, Netapp and 2 more 12 Debian Linux, Linux Kernel, Solidfire Baseboard Management Controller and 9 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
CVE-2021-27364 6 Canonical, Debian, Linux and 3 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-11-21 7.1 High
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.