Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-34556 CVE-2021-35477 CVE-2021-3655

A flaw was found in the Linux kernel, where an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highest threat from this vulnerability is to confidentiality. (CVE-2021-34556) A flaw in the Linux kernel allows a privileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel in the eBPF subsystem (CVE-2021-35477) A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)

Source

ALAS2-2021-1696

Amazon Linux 2 Security Advisory: ALAS-2021-1696
Advisory Release Date: 2021-08-04 20:32 Pacific
Advisory Updated Date: 2021-08-05 21:19 Pacific

Severity: Medium

References: CVE-2021-34556 CVE-2021-35477 CVE-2021-3655

Issue Overview:

A flaw was found in the Linux kernel, where an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highest threat from this vulnerability is to confidentiality. (CVE-2021-34556)

A flaw in the Linux kernel allows a privileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel in the eBPF subsystem (CVE-2021-35477)

A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-4.14.241-184.433.amzn2.aarch64
    kernel-headers-4.14.241-184.433.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.241-184.433.amzn2.aarch64
    perf-4.14.241-184.433.amzn2.aarch64
    perf-debuginfo-4.14.241-184.433.amzn2.aarch64
    python-perf-4.14.241-184.433.amzn2.aarch64
    python-perf-debuginfo-4.14.241-184.433.amzn2.aarch64
    kernel-tools-4.14.241-184.433.amzn2.aarch64
    kernel-tools-devel-4.14.241-184.433.amzn2.aarch64
    kernel-tools-debuginfo-4.14.241-184.433.amzn2.aarch64
    kernel-devel-4.14.241-184.433.amzn2.aarch64
    kernel-debuginfo-4.14.241-184.433.amzn2.aarch64

i686:
    kernel-headers-4.14.241-184.433.amzn2.i686

src:
    kernel-4.14.241-184.433.amzn2.src

x86_64:
    kernel-4.14.241-184.433.amzn2.x86_64
    kernel-headers-4.14.241-184.433.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.241-184.433.amzn2.x86_64
    perf-4.14.241-184.433.amzn2.x86_64
    perf-debuginfo-4.14.241-184.433.amzn2.x86_64
    python-perf-4.14.241-184.433.amzn2.x86_64
    python-perf-debuginfo-4.14.241-184.433.amzn2.x86_64
    kernel-tools-4.14.241-184.433.amzn2.x86_64
    kernel-tools-devel-4.14.241-184.433.amzn2.x86_64
    kernel-tools-debuginfo-4.14.241-184.433.amzn2.x86_64
    kernel-devel-4.14.241-184.433.amzn2.x86_64
    kernel-debuginfo-4.14.241-184.433.amzn2.x86_64
    kernel-livepatch-4.14.241-184.433-1.0-0.amzn2.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2021-1696

ALAS2-2021-1696

Vulmon Search

About

Products

Connect