Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2021-23133 CVE-2021-29155 CVE-2021-31829 CVE-2021-3489 CVE-2021-3490 CVE-2021-3491 CVE-2021-3501

A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind() function. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2020-25670) A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user triggers the llcp_sock_connect() function. This flaw allows a local user to crash the system. (CVE-2020-25671) A memory leak in the Linux kernel's NFC LLCP protocol implementation was found in the way a user triggers the llcp_sock_connect() function. This flaw allows a local user to starve the resources, causing a denial of service. (CVE-2020-25672) A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673) A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-23133) A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). In this flaw a local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract contents of kernel memory via side-channel. (CVE-2021-29155) A flaw was found in the Linux kernel's eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all system memory. The highest threat from this vulnerability is to confidentiality. (CVE-2021-31829) A flaw out of bound memory write in the Linux kernel BPF subsystem was found in the way user writes to BPF ring buffer too fast, so larger buffer than available memory could be allocated. A local user could use this flaw to crash the system or possibly escalate their privileges on the system. (CVE-2021-3489) A flaw was found in the Linux kernels eBPF verification code. It was discovered that eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions could use this flaw to crash the system or possibly escalate their privileges on the system. (CVE-2021-3490) A flaw was found in the Linux kernel. The io_uring PROVIDE_BUFFERS operation allowed the MAX_RW_COUNT limit to be bypassed, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3491) A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. (CVE-2021-3501)

Source

ALAS2KERNEL-5.10-2022-001

Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2022-001
Advisory Release Date: 2022-01-20 23:18 Pacific
Advisory Updated Date: 2022-01-28 17:25 Pacific

Severity: Important

References: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2021-23133 CVE-2021-29155 CVE-2021-31829 CVE-2021-3489 CVE-2021-3490 CVE-2021-3491 CVE-2021-3501

Issue Overview:

A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind() function. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2020-25670)

A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user triggers the llcp_sock_connect() function. This flaw allows a local user to crash the system. (CVE-2020-25671)

A memory leak in the Linux kernel's NFC LLCP protocol implementation was found in the way a user triggers the llcp_sock_connect() function. This flaw allows a local user to starve the resources, causing a denial of service. (CVE-2020-25672)

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)

A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-23133)

A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). In this flaw a local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract contents of kernel memory via side-channel. (CVE-2021-29155)

A flaw was found in the Linux kernel's eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all system memory. The highest threat from this vulnerability is to confidentiality. (CVE-2021-31829)

A flaw out of bound memory write in the Linux kernel BPF subsystem was found in the way user writes to BPF ring buffer too fast, so larger buffer than available memory could be allocated. A local user could use this flaw to crash the system or possibly escalate their privileges on the system. (CVE-2021-3489)

A flaw was found in the Linux kernels eBPF verification code. It was discovered that eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions could use this flaw to crash the system or possibly escalate their privileges on the system. (CVE-2021-3490)

A flaw was found in the Linux kernel. The io_uring PROVIDE_BUFFERS operation allowed the MAX_RW_COUNT limit to be bypassed, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3491)

A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. (CVE-2021-3501)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-5.10.35-31.135.amzn2.aarch64
    kernel-headers-5.10.35-31.135.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.35-31.135.amzn2.aarch64
    perf-5.10.35-31.135.amzn2.aarch64
    perf-debuginfo-5.10.35-31.135.amzn2.aarch64
    python-perf-5.10.35-31.135.amzn2.aarch64
    python-perf-debuginfo-5.10.35-31.135.amzn2.aarch64
    kernel-tools-5.10.35-31.135.amzn2.aarch64
    kernel-tools-devel-5.10.35-31.135.amzn2.aarch64
    kernel-tools-debuginfo-5.10.35-31.135.amzn2.aarch64
    bpftool-5.10.35-31.135.amzn2.aarch64
    bpftool-debuginfo-5.10.35-31.135.amzn2.aarch64
    kernel-devel-5.10.35-31.135.amzn2.aarch64
    kernel-debuginfo-5.10.35-31.135.amzn2.aarch64

i686:
    kernel-headers-5.10.35-31.135.amzn2.i686

src:
    kernel-5.10.35-31.135.amzn2.src

x86_64:
    kernel-5.10.35-31.135.amzn2.x86_64
    kernel-headers-5.10.35-31.135.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.35-31.135.amzn2.x86_64
    perf-5.10.35-31.135.amzn2.x86_64
    perf-debuginfo-5.10.35-31.135.amzn2.x86_64
    python-perf-5.10.35-31.135.amzn2.x86_64
    python-perf-debuginfo-5.10.35-31.135.amzn2.x86_64
    kernel-tools-5.10.35-31.135.amzn2.x86_64
    kernel-tools-devel-5.10.35-31.135.amzn2.x86_64
    kernel-tools-debuginfo-5.10.35-31.135.amzn2.x86_64
    bpftool-5.10.35-31.135.amzn2.x86_64
    bpftool-debuginfo-5.10.35-31.135.amzn2.x86_64
    kernel-devel-5.10.35-31.135.amzn2.x86_64
    kernel-debuginfo-5.10.35-31.135.amzn2.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2KERNEL-5.10-2022-001

ALAS2KERNEL-5.10-2022-001

Vulmon Search

About

Products

Connect