CVE-2021-0605 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-0605 PUBLISHED

In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476

EPSS 0.04% · 12.8th percentile

Risk Scores

EPSS Score

0.04%

12.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	linux-oem	4.15.0-1076.86, 4.15.0-1103.114, 4.15.0-1102.113
Ubuntu:20.04:LTS	linux-oracle	0, 5.3.0-1002.2, 5.4.0-1029.31
Ubuntu:16.04:LTS	linux-hwe-edge	4.15.0-13.14~16.04.1, 0, 4.8.0-28.30~16.04.1
Ubuntu:Pro:FIPS-updates:20.04:LTS	linux-gcp-fips	0, 5.4.0-1021.21+fips1
Ubuntu:18.04:LTS	linux-hwe	4.18.0-25.26~18.04.1, 5.0.0-23.24~18.04.1, 5.0.0-25.26~18.04.1
Ubuntu:18.04:LTS	linux-oracle-5.3	5.3.0-1013.14~18.04.1, 5.3.0-1016.18~18.04.1, 5.3.0-1018.20~18.04.1
Ubuntu:Pro:14.04:LTS	linux-azure	4.15.0-1060.65~14.04.1, 4.15.0-1057.62~14.04.1, 4.15.0-1056.61~14.04.1
Ubuntu:Pro:FIPS:20.04:LTS	linux-aws-fips	5.4.0-1021.21+fips2, 0
Ubuntu:18.04:LTS	linux-azure-4.15	4.15.0-1093.103, 0, 4.15.0-1082.92
Ubuntu:18.04:LTS	linux-raspi-5.4	5.4.0-1013.13~18.04.1, 5.4.0-1015.15~18.04.1, 5.4.0-1016.17~18.04.1
Ubuntu:Pro:FIPS:16.04:LTS	linux-fips	4.4.0-1005.5, 4.4.0-1003.3, 0
Ubuntu:18.04:LTS	linux-azure	4.15.0-1014.14, 0, 4.15.0-1002.2
Ubuntu:Pro:FIPS-updates:20.04:LTS	linux-aws-fips	0, 5.4.0-1021.21+fips2
Ubuntu:18.04:LTS	linux-gcp-5.4	5.4.0-1025.25~18.04.1, 5.4.0-1024.24~18.04.1, 5.4.0-1022.22~18.04.1
Ubuntu:18.04:LTS	linux-gcp-5.3	5.3.0-1014.15~18.04.1, 5.3.0-1017.18~18.04.1, 5.3.0-1018.19~18.04.1
Ubuntu:20.04:LTS	linux-raspi2	0, 5.4.0-1006.6, 5.4.0-1004.4
Ubuntu:20.04:LTS	linux-azure	5.4.0-1023.23, 5.4.0-1022.22, 0
Ubuntu:Pro:FIPS-updates:20.04:LTS	linux-azure-fips	0, 5.4.0-1022.22+fips1
Ubuntu:22.04:LTS	linux-realtime	5.15.0-1032.35, 0
Ubuntu:16.04:LTS	linux-gcp	4.10.0-1004.4, 0, 4.15.0-1032.34~16.04.1

…and 50 more

Timeline

Jun 22, 2021 CVE Published
Jun 23, 2021 EPSS Score
Aug 22, 2021 EPSS Score
Oct 21, 2021 EPSS Score
Dec 19, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 17, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 18, 2022 EPSS Score
Jun 17, 2022 EPSS Score
Aug 17, 2022 EPSS Score
Oct 15, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-0605 third-party-advisory
https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-0605 third-party-advisory

Open in Interactive Console →