Amazon Linux 2 Security Advisory: ALAS-2021-1600
Advisory Release Date: 2021-02-17 18:07 Pacific
Advisory Updated Date: 2023-02-17 00:12 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. (CVE-2020-27825)
A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the backing store. The highest threat from this vulnerability is to integrity. In addition, this flaw affects the tcmu-runner package, where the affected SCSI command is called. (CVE-2020-28374)
** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)
A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3347)
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-4.14.219-161.340.amzn2.aarch64
kernel-headers-4.14.219-161.340.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.219-161.340.amzn2.aarch64
perf-4.14.219-161.340.amzn2.aarch64
perf-debuginfo-4.14.219-161.340.amzn2.aarch64
python-perf-4.14.219-161.340.amzn2.aarch64
python-perf-debuginfo-4.14.219-161.340.amzn2.aarch64
kernel-tools-4.14.219-161.340.amzn2.aarch64
kernel-tools-devel-4.14.219-161.340.amzn2.aarch64
kernel-tools-debuginfo-4.14.219-161.340.amzn2.aarch64
kernel-devel-4.14.219-161.340.amzn2.aarch64
kernel-debuginfo-4.14.219-161.340.amzn2.aarch64
i686:
kernel-headers-4.14.219-161.340.amzn2.i686
src:
kernel-4.14.219-161.340.amzn2.src
x86_64:
kernel-4.14.219-161.340.amzn2.x86_64
kernel-headers-4.14.219-161.340.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.219-161.340.amzn2.x86_64
perf-4.14.219-161.340.amzn2.x86_64
perf-debuginfo-4.14.219-161.340.amzn2.x86_64
python-perf-4.14.219-161.340.amzn2.x86_64
python-perf-debuginfo-4.14.219-161.340.amzn2.x86_64
kernel-tools-4.14.219-161.340.amzn2.x86_64
kernel-tools-devel-4.14.219-161.340.amzn2.x86_64
kernel-tools-debuginfo-4.14.219-161.340.amzn2.x86_64
kernel-devel-4.14.219-161.340.amzn2.x86_64
kernel-debuginfo-4.14.219-161.340.amzn2.x86_64
kernel-livepatch-4.14.219-161.340-1.0-0.amzn2.x86_64