ALAS2-2021-1627


Amazon Linux 2 Security Advisory: ALAS-2021-1627
Advisory Release Date: 2021-04-20 17:55 Pacific
Advisory Updated Date: 2021-04-21 18:24 Pacific
Severity: Important

Issue Overview:

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. (CVE-2019-19060 )

A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in the kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. (CVE-2019-7308 )

A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670 )

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. (CVE-2020-25671 )

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect. (CVE-2020-25672 )

A flaw was found in the Linux kernels eBPF verification code. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A flaw that triggers Integer underflow when restricting speculative pointer arithmetic allows unprivileged local users to leak the content of kernel memory. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-27171 )

A flaw was found in the Linux kernel. The rtw_wx_set_scan driver allows writing beyond the end of the ->ssid[] array. The highest threat from this vulnerability is to data confidentiality and integrity as well system availability. (CVE-2021-28660 )

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)

A race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the Linux kernel in btrfs file-system. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. The highest threat from this vulnerability is to system availability. (CVE-2021-28964 )

A flaw in the Linux kernels implementation of the RPA PCI Hotplug driver for power-pc. A user with permissions to write to the sysfs settings for this driver can trigger a buffer overflow when writing a new device name to the driver from userspace, overwriting data in the kernel's stack. (CVE-2021-28972 )

A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-29154 )

A flaw was found in the Linux kernel. The usbip driver allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status. The highest threat from this vulnerability is to system availability. (CVE-2021-29265 )

A flaw was found in the Linux kernel. This flaw allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure. The highest threat from this vulnerability is to confidentiality. (CVE-2021-29647 )

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3483 )


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-4.14.231-173.360.amzn2.aarch64
    kernel-headers-4.14.231-173.360.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.231-173.360.amzn2.aarch64
    perf-4.14.231-173.360.amzn2.aarch64
    perf-debuginfo-4.14.231-173.360.amzn2.aarch64
    python-perf-4.14.231-173.360.amzn2.aarch64
    python-perf-debuginfo-4.14.231-173.360.amzn2.aarch64
    kernel-tools-4.14.231-173.360.amzn2.aarch64
    kernel-tools-devel-4.14.231-173.360.amzn2.aarch64
    kernel-tools-debuginfo-4.14.231-173.360.amzn2.aarch64
    kernel-devel-4.14.231-173.360.amzn2.aarch64
    kernel-debuginfo-4.14.231-173.360.amzn2.aarch64

i686:
    kernel-headers-4.14.231-173.360.amzn2.i686

src:
    kernel-4.14.231-173.360.amzn2.src

x86_64:
    kernel-4.14.231-173.360.amzn2.x86_64
    kernel-headers-4.14.231-173.360.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.231-173.360.amzn2.x86_64
    perf-4.14.231-173.360.amzn2.x86_64
    perf-debuginfo-4.14.231-173.360.amzn2.x86_64
    python-perf-4.14.231-173.360.amzn2.x86_64
    python-perf-debuginfo-4.14.231-173.360.amzn2.x86_64
    kernel-tools-4.14.231-173.360.amzn2.x86_64
    kernel-tools-devel-4.14.231-173.360.amzn2.x86_64
    kernel-tools-debuginfo-4.14.231-173.360.amzn2.x86_64
    kernel-devel-4.14.231-173.360.amzn2.x86_64
    kernel-debuginfo-4.14.231-173.360.amzn2.x86_64
    kernel-livepatch-4.14.231-173.360-1.0-0.amzn2.x86_64