Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2KERNEL-5.4-2022-014

Related Vulnerabilities: CVE-2019-18808   CVE-2019-19054   CVE-2020-10781   CVE-2020-12656   CVE-2020-15393   CVE-2020-16166  

A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. (CVE-2019-18808) A flaw was found in the Linux kernel. The CX23888 Integrated Consumer Infrared Controller probe code handles resource cleanup low memory conditions. A local attacker able to induce low memory conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. (CVE-2019-19054) A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. (CVE-2020-10781) A flaw was found in the implementation of the Linux kernel's GSS mechanism registration functionality. During this period, memory allocation was not freed when the module was unloaded, leading to a memory leak. This flaw allows an attacker with the ability to repeat loads and unloads, to cause the system to run out of free memory and crash eventually. (CVE-2020-12656) In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393) A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-16166)

Source

ALAS2KERNEL-5.4-2022-014

Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2022-014
Advisory Release Date: 2022-01-20 19:25 Pacific
Advisory Updated Date: 2022-01-28 17:22 Pacific
Severity: Medium
Issue Overview:

A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. (CVE-2019-18808)

A flaw was found in the Linux kernel. The CX23888 Integrated Consumer Infrared Controller probe code handles resource cleanup low memory conditions. A local attacker able to induce low memory conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. (CVE-2019-19054)

A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. (CVE-2020-10781)

A flaw was found in the implementation of the Linux kernel's GSS mechanism registration functionality. During this period, memory allocation was not freed when the module was unloaded, leading to a memory leak. This flaw allows an attacker with the ability to repeat loads and unloads, to cause the system to run out of free memory and crash eventually. (CVE-2020-12656)

In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393)

A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-16166)


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.4.58-27.104.amzn2.aarch64
    kernel-headers-5.4.58-27.104.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.58-27.104.amzn2.aarch64
    perf-5.4.58-27.104.amzn2.aarch64
    perf-debuginfo-5.4.58-27.104.amzn2.aarch64
    python-perf-5.4.58-27.104.amzn2.aarch64
    python-perf-debuginfo-5.4.58-27.104.amzn2.aarch64
    kernel-tools-5.4.58-27.104.amzn2.aarch64
    kernel-tools-devel-5.4.58-27.104.amzn2.aarch64
    kernel-tools-debuginfo-5.4.58-27.104.amzn2.aarch64
    kernel-devel-5.4.58-27.104.amzn2.aarch64
    kernel-debuginfo-5.4.58-27.104.amzn2.aarch64

i686:
    kernel-headers-5.4.58-27.104.amzn2.i686

src:
    kernel-5.4.58-27.104.amzn2.src

x86_64:
    kernel-5.4.58-27.104.amzn2.x86_64
    kernel-headers-5.4.58-27.104.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.58-27.104.amzn2.x86_64
    perf-5.4.58-27.104.amzn2.x86_64
    perf-debuginfo-5.4.58-27.104.amzn2.x86_64
    python-perf-5.4.58-27.104.amzn2.x86_64
    python-perf-debuginfo-5.4.58-27.104.amzn2.x86_64
    kernel-tools-5.4.58-27.104.amzn2.x86_64
    kernel-tools-devel-5.4.58-27.104.amzn2.x86_64
    kernel-tools-debuginfo-5.4.58-27.104.amzn2.x86_64
    kernel-devel-5.4.58-27.104.amzn2.x86_64
    kernel-debuginfo-5.4.58-27.104.amzn2.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started