Amazon Linux 2 Security Advisory: ALAS-2020-1495
Advisory Release Date: 2020-09-28 20:57 Pacific
Advisory Updated Date: 2023-06-29 22:24 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2023-06-29: CVE-2022-20565 was added to this advisory. The severity level has changed from Medium to Important.
An issue in the HID driver in the Linux kernel may lead to invalid memory access. (CVE-2022-20565)
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.A flaw was found in the Linux kernel's implementation of BTRFS free space management, where the kernel does not correctly manage the lifetime of internal data structures used. An attacker could use this flaw to corrupt memory or escalate privileges. (CVE-2019-19448)
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. (CVE-2020-14314)
A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25211)
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation. (CVE-2020-25212)
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-4.14.198-152.320.amzn2.aarch64
kernel-headers-4.14.198-152.320.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.198-152.320.amzn2.aarch64
perf-4.14.198-152.320.amzn2.aarch64
perf-debuginfo-4.14.198-152.320.amzn2.aarch64
python-perf-4.14.198-152.320.amzn2.aarch64
python-perf-debuginfo-4.14.198-152.320.amzn2.aarch64
kernel-tools-4.14.198-152.320.amzn2.aarch64
kernel-tools-devel-4.14.198-152.320.amzn2.aarch64
kernel-tools-debuginfo-4.14.198-152.320.amzn2.aarch64
kernel-devel-4.14.198-152.320.amzn2.aarch64
kernel-debuginfo-4.14.198-152.320.amzn2.aarch64
i686:
kernel-headers-4.14.198-152.320.amzn2.i686
src:
kernel-4.14.198-152.320.amzn2.src
x86_64:
kernel-4.14.198-152.320.amzn2.x86_64
kernel-headers-4.14.198-152.320.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.198-152.320.amzn2.x86_64
perf-4.14.198-152.320.amzn2.x86_64
perf-debuginfo-4.14.198-152.320.amzn2.x86_64
python-perf-4.14.198-152.320.amzn2.x86_64
python-perf-debuginfo-4.14.198-152.320.amzn2.x86_64
kernel-tools-4.14.198-152.320.amzn2.x86_64
kernel-tools-devel-4.14.198-152.320.amzn2.x86_64
kernel-tools-debuginfo-4.14.198-152.320.amzn2.x86_64
kernel-devel-4.14.198-152.320.amzn2.x86_64
kernel-debuginfo-4.14.198-152.320.amzn2.x86_64
kernel-livepatch-4.14.198-152.320-1.0-0.amzn2.x86_64