SB2021040736 - openEuler update for binutils




Published: April 7, 2021

Security Bulletin ID SB2021040736
Severity Low
Patch available YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2020-0551)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to load value injection in some Intel(R) Processors utilizing speculative execution. An authenticated user with local access can potentially enable information disclosure via a side channel.


2) Use-after-free (CVE-ID: CVE-2020-16592)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists in bfd_hash_lookup. A local attacker can trick the victim into opening specially crafted data, trigger a use-after-free and perform a denial of service attack.


Remediation

Install the update from the vendor's website.