ALAS2-2021-1685


Amazon Linux 2 Security Advisory: ALAS-2021-1685
Advisory Release Date: 2021-07-14 20:35 Pacific
Advisory Updated Date: 2021-07-15 21:45 Pacific
Severity: Important

Issue Overview:

A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge. (CVE-2020-26558)

A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-0129)

A denial-of-service (DoS) flaw was identified in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem. (CVE-2021-29650)

A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-32399)

A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. (CVE-2021-33034)

A flaw was found in the Linux kernel's BPF subsystem, where protection against speculative execution attacks (Spectre mitigation) can be bypassed. The highest threat from this vulnerability is to confidentiality. (CVE-2021-33624)

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. (CVE-2021-3564)

A flaw use-after-free in the Linux kernel HCI subsystem was found in the way user detaches bluetooth dongle or other way triggers unregister bluetooth device event. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-3573)


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-4.14.238-182.421.amzn2.aarch64
    kernel-headers-4.14.238-182.421.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.238-182.421.amzn2.aarch64
    perf-4.14.238-182.421.amzn2.aarch64
    perf-debuginfo-4.14.238-182.421.amzn2.aarch64
    python-perf-4.14.238-182.421.amzn2.aarch64
    python-perf-debuginfo-4.14.238-182.421.amzn2.aarch64
    kernel-tools-4.14.238-182.421.amzn2.aarch64
    kernel-tools-devel-4.14.238-182.421.amzn2.aarch64
    kernel-tools-debuginfo-4.14.238-182.421.amzn2.aarch64
    kernel-devel-4.14.238-182.421.amzn2.aarch64
    kernel-debuginfo-4.14.238-182.421.amzn2.aarch64

i686:
    kernel-headers-4.14.238-182.421.amzn2.i686

src:
    kernel-4.14.238-182.421.amzn2.src

x86_64:
    kernel-4.14.238-182.421.amzn2.x86_64
    kernel-headers-4.14.238-182.421.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.238-182.421.amzn2.x86_64
    perf-4.14.238-182.421.amzn2.x86_64
    perf-debuginfo-4.14.238-182.421.amzn2.x86_64
    python-perf-4.14.238-182.421.amzn2.x86_64
    python-perf-debuginfo-4.14.238-182.421.amzn2.x86_64
    kernel-tools-4.14.238-182.421.amzn2.x86_64
    kernel-tools-devel-4.14.238-182.421.amzn2.x86_64
    kernel-tools-debuginfo-4.14.238-182.421.amzn2.x86_64
    kernel-devel-4.14.238-182.421.amzn2.x86_64
    kernel-debuginfo-4.14.238-182.421.amzn2.x86_64
    kernel-livepatch-4.14.238-182.421-1.0-0.amzn2.x86_64