Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835079 (CVE-2021-20269) - sys-apps/kexec-tools: kdump dmesg log insecure permissions
Summary: sys-apps/kexec-tools: kdump dmesg log insecure permissions
Status: CONFIRMED
Alias: CVE-2021-20269
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B4 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-13 14:13 UTC by John Helmert III
Modified: 2022-03-13 14:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-13 14:13:13 UTC
CVE-2021-20269:

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.

No reference to any upstream issue, and RedHat's closed their bug.