Rewterz Threat Alert – Donot APT group Fresh Campaign – IOCs
March 11, 2021Rewterz Threat Alert – APT 32 Ocean Lotus – Active IOCs
March 12, 2021Rewterz Threat Alert – Donot APT group Fresh Campaign – IOCs
March 11, 2021Rewterz Threat Alert – APT 32 Ocean Lotus – Active IOCs
March 12, 2021Severity
Medium
Analysis Summary
CVE-2021-20269
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by incorrect permissions on vmcore-dmesg.txt file in kexec-tools. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain kernel internal information, and use this information to launch further attacks against the affected system.
CVE-2021-20261
Linux Kernel is vulnerable to a denial of service, caused by a race condition in the implementation of the floppy disk drive controller driver software. By sending multiple threads to open(“/dev/fdX”), a local attacker could exploit this vulnerability to cause system to crash.
Impact
- Information disclosure
- Denial of Service
Affected Vendors
Linux
Remediation
Refer to Linux advisory for the complete list of affected products and their respective patches.