CHK NVD : CVE-2021-4034 - d316e37a

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2021-4034 - Cvss2 : 7.2 [CVE Configuration Update Request] Update Suggestion - CVE-2021-4034 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2021-4034 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2021-4034.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2021-4034.json

- CVE-2021-4034
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.282
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.246
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9.0 up to (excluding) 4.9.317
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.110
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.33
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16.0 up to (excluding) 5.16.19
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.17.0 up to (excluding) 5.17.2
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.18.0 up to (excluding) 5.18
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.197
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.282
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.246
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.9.317
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.110
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.33
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.16.19
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.17.2
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.18
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.197
- Reference (Commit)
  - exec: Force single empty string when argv is empty
    - Fixed by
      - 4.14.282 (98e0c7c702894987732776736c99b85ade6fba45)
      - 4.19.246 (b50fb8dbc8b81aaa126387de428f4c42a7c72a73)
      - 4.9.317 (41f6ea5b9aaa28b740d47ffe995a5013211fdbb0)
      - 5.10.110 (27a6f495b63a1804cc71be45911065db7757a98c)
      - 5.15.33 (1290eb4412aa0f0e9f3434b406dc8e255da85f9e)
      - 5.16.19 (a8054d3fa5deb84b215d6be1b910a978f3cb840d)
      - 5.17.2 (cfbfff8ce5e3d674947581f1eb9af0a1b1807950)
      - 5.18 (dcd46d897adb70d63e025f175a00a89797d31a43) (upstream)
      - 5.4.197 (1fe82bfd9e4ce93399d815ca458b58505191c3e8)
    - Will be introduced by
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2021-4034	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:suse:linux_enterprise_workstation_extension:12:sp5
cpe:/o:suse:linux_enterprise_server:15:sp2:~sap
cpe:/o:suse:linux_enterprise_server:15:sp2:~-
cpe:/o:suse:linux_enterprise_desktop:15:sp2
cpe:/o:siemens:scalance_lpe9403_firmware	2.0
cpe:/o:redhat:enterprise_linux_workstation:7.0
cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4
cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2
cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1
cpe:/o:redhat:enterprise_linux_server_tus:8.4
cpe:/o:redhat:enterprise_linux_server_tus:8.2
cpe:/o:redhat:enterprise_linux_server_tus:7.7
cpe:/o:redhat:enterprise_linux_server_tus:7.6
cpe:/o:redhat:enterprise_linux_server_eus:8.4
cpe:/o:redhat:enterprise_linux_server_aus:8.4
cpe:/o:redhat:enterprise_linux_server_aus:8.2
cpe:/o:redhat:enterprise_linux_server_aus:7.7
cpe:/o:redhat:enterprise_linux_server_aus:7.6
cpe:/o:redhat:enterprise_linux_server_aus:7.4
cpe:/o:redhat:enterprise_linux_server_aus:7.3
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_for_scientific_computing:7.0
cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.4
cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.2
cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.1
cpe:/o:redhat:enterprise_linux_for_power_little_endian:8.0
cpe:/o:redhat:enterprise_linux_for_power_little_endian:7.0
cpe:/o:redhat:enterprise_linux_for_power_big_endian:7.0
cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4
cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2
cpe:/o:redhat:enterprise_linux_for_ibm_z_systems:8.0
cpe:/o:redhat:enterprise_linux_for_ibm_z_systems:7.0
cpe:/o:redhat:enterprise_linux_eus:8.2
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux:8.0
cpe:/o:canonical:ubuntu_linux:21.10
cpe:/o:canonical:ubuntu_linux:20.04::lts~
cpe:/o:canonical:ubuntu_linux:18.04::lts~
cpe:/o:canonical:ubuntu_linux:16.04::esm~
cpe:/o:canonical:ubuntu_linux:14.04::esm~
cpe:/a:suse:manager_server:4.1
cpe:/a:suse:manager_proxy:4.1
cpe:/a:suse:linux_enterprise_high_performance_computing:15.0:sp2:-~
cpe:/a:suse:enterprise_storage:7.0
cpe:/a:starwindsoftware:starwind_virtual_san:v8:build14338
cpe:/a:starwindsoftware:starwind_hyperconverged_appliance:-
cpe:/a:starwindsoftware:command_center:1.0:update3_build5871
cpe:/a:siemens:sinumerik_edge	3.3.0
cpe:/a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7
cpe:/a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6
cpe:/a:polkit_project:polkit
cpe:/a:oracle:zfs_storage_appliance_kit:8.8
cpe:/a:oracle:http_server:12.2.1.4.0
cpe:/a:oracle:http_server:12.2.1.3.0

[witchcraze]

関係ないかも