ALAS2-2021-1627

Amazon Linux 2 Security Advisory: ALAS-2021-1627
Advisory Release Date: 2021-04-20 17:55 Pacific
Advisory Updated Date: 2021-07-15 23:24 Pacific
Severity: Important

Issue Overview:

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. (CVE-2019-19060)

A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in the kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. (CVE-2019-7308)

A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind() causes a use-after-free which might lead to privilege escalation. (CVE-2020-25670)

A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_connect() causes a use-after-free which might lead to privilege escalation. (CVE-2020-25671)

A memory leak vulnerability was found in the Linux kernel in llcp_sock_connect(). (CVE-2020-25672)

A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A flaw that triggers an integer underflow when restricting speculative pointer arithmetic allows unprivileged local users to leak the content of kernel memory. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-27171)

A flaw was found in the Linux kernel. The rtw_wx_set_scan driver allows writing beyond the end of the ->ssid[] array. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-28660)

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)

A race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the Linux kernel in btrfs file-system. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. The highest threat from this vulnerability is to system availability. (CVE-2021-28964)

A flaw was found in the Linux kernel's implementation of the RPA PCI Hotplug driver for PowerPC. A user with permission to write to the sysfs settings for this driver can trigger a buffer overflow when writing a new device name to the driver from userspace, overwriting data in the kernel's stack. (CVE-2021-28972)

A flaw was found in the Linux kernel's eBPF implementation. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-29154)

A flaw was found in the Linux kernel. The usbip driver allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status. The highest threat from this vulnerability is to system availability. (CVE-2021-29265)

A flaw was found in the Linux kernel. This flaw allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure. The highest threat from this vulnerability is to confidentiality. (CVE-2021-29647)

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3483)

A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems. This flaw allows a local user to gain privileges or cause a DoS through user namespaces. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2021-22555)

CVE-2021-22555 was added to this advisory after the original release; however, it was already fixed by the 2021-04-20 update.


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-4.14.231-173.360.amzn2.aarch64
    kernel-headers-4.14.231-173.360.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.231-173.360.amzn2.aarch64
    perf-4.14.231-173.360.amzn2.aarch64
    perf-debuginfo-4.14.231-173.360.amzn2.aarch64
    python-perf-4.14.231-173.360.amzn2.aarch64
    python-perf-debuginfo-4.14.231-173.360.amzn2.aarch64
    kernel-tools-4.14.231-173.360.amzn2.aarch64
    kernel-tools-devel-4.14.231-173.360.amzn2.aarch64
    kernel-tools-debuginfo-4.14.231-173.360.amzn2.aarch64
    kernel-devel-4.14.231-173.360.amzn2.aarch64
    kernel-debuginfo-4.14.231-173.360.amzn2.aarch64

i686:
    kernel-headers-4.14.231-173.360.amzn2.i686

src:
    kernel-4.14.231-173.360.amzn2.src

x86_64:
    kernel-4.14.231-173.360.amzn2.x86_64
    kernel-headers-4.14.231-173.360.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.231-173.360.amzn2.x86_64
    perf-4.14.231-173.360.amzn2.x86_64
    perf-debuginfo-4.14.231-173.360.amzn2.x86_64
    python-perf-4.14.231-173.360.amzn2.x86_64
    python-perf-debuginfo-4.14.231-173.360.amzn2.x86_64
    kernel-tools-4.14.231-173.360.amzn2.x86_64
    kernel-tools-devel-4.14.231-173.360.amzn2.x86_64
    kernel-tools-debuginfo-4.14.231-173.360.amzn2.x86_64
    kernel-devel-4.14.231-173.360.amzn2.x86_64
    kernel-debuginfo-4.14.231-173.360.amzn2.x86_64
    kernel-livepatch-4.14.231-173.360-1.0-0.amzn2.x86_64
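
The package list above gives the fixed kernel build (4.14.231-173.360). As an added example that is not part of the advisory, the POSIX shell check below compares the running kernel reported by uname -r against that build, field by field, so a host can be classified as fixed or still exposed; FIXED_KERNEL, kernel_is_fixed and is_amzn2_kernel are names introduced here.

```shell
#!/bin/sh
# Added example, not part of the ALAS-2021-1627 advisory: decide whether the
# running Amazon Linux 2 kernel is at or above the fixed build listed above.
# Assumes `uname -r` has the AL2 form <version>-<release>.amzn2.<arch>.

# Fixed build from the advisory's package list (version-release, no arch).
FIXED_KERNEL="4.14.231-173.360"

# kernel_is_fixed <uname -r string>
# Exit status 0 if the kernel is >= FIXED_KERNEL, 1 if it is older.
# Fields are compared numerically one by one, so 4.14.231-173.360 sorts
# after 4.14.225-169.362 without relying on sort -V being available.
kernel_is_fixed() {
    awk -v run="$1" -v fixed="$FIXED_KERNEL" 'BEGIN {
        sub(/\.amzn2\..*$/, "", run)          # drop ".amzn2.x86_64" suffix
        n = split(run, a, /[.-]/)
        m = split(fixed, b, /[.-]/)
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            x = (i <= n) ? a[i] + 0 : 0       # missing fields count as 0
            y = (i <= m) ? b[i] + 0 : 0
            if (x != y) exit (x > y) ? 0 : 1
        }
        exit 0                                # identical build: fixed
    }'
}

# is_amzn2_kernel <uname -r string>: the comparison only means something on AL2.
is_amzn2_kernel() {
    case "$1" in *.amzn2.*) return 0 ;; *) return 1 ;; esac
}

running="$(uname -r)"
if ! is_amzn2_kernel "$running"; then
    echo "$running is not an Amazon Linux 2 kernel; this advisory does not apply"
elif kernel_is_fixed "$running"; then
    echo "$running already includes the ALAS-2021-1627 fix"
else
    echo "$running is older than $FIXED_KERNEL: run 'yum update kernel' and reboot"
fi
```

The check reads uname -r rather than the RPM database because yum update kernel installs the new package but the running kernel only changes after a reboot into it.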