Severity
High
Analysis Summary
CVE-2021-3492
A double-free flaw involving the copy_from_user() function in shiftfs (an out-of-tree stacking file system) allows an attacker to execute arbitrary code on the system. An attacker can exploit this vulnerability by sending specially crafted ioctl requests, either to cause kernel memory consumption (denial of service) or to execute arbitrary code.
CVE-2021-3493
The overlayfs stacking file system in the kernel improperly validates file capabilities against user namespaces, which allows an authenticated attacker to gain elevated privileges on the system. An attacker can exploit this vulnerability by sending specially crafted requests, in combination with a patch carried in the Ubuntu kernel, to gain elevated privileges.
Impact
- Denial of Service
- Gain escalated privileges
- Gain access
Affected Vendors
Ubuntu
Affected Products
- Ubuntu 20.04 LTS
- Ubuntu 20.10
- Linux Kernel 5.10
- Linux Kernel 5.11
Remediation
Download the latest patches for Ubuntu and refer to the Ubuntu website for information on upgrades or suggested workarounds at