ALASKERNEL-5.10-2024-058

Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2024-058
Advisory Release Date: 2024-05-23 23:02 Pacific
Advisory Updated Date: 2024-06-06 20:38 Pacific
Severity: Important
Issue Overview:

2024-06-06: CVE-2021-28951 was added to this advisory.

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)

A remote denial of service vulnerability was found in the Linux kernel's TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. (CVE-2023-1390)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.10.29-27.126.amzn2.aarch64
    kernel-headers-5.10.29-27.126.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.29-27.126.amzn2.aarch64
    perf-5.10.29-27.126.amzn2.aarch64
    perf-debuginfo-5.10.29-27.126.amzn2.aarch64
    python-perf-5.10.29-27.126.amzn2.aarch64
    python-perf-debuginfo-5.10.29-27.126.amzn2.aarch64
    kernel-tools-5.10.29-27.126.amzn2.aarch64
    kernel-tools-devel-5.10.29-27.126.amzn2.aarch64
    kernel-tools-debuginfo-5.10.29-27.126.amzn2.aarch64
    bpftool-5.10.29-27.126.amzn2.aarch64
    bpftool-debuginfo-5.10.29-27.126.amzn2.aarch64
    kernel-devel-5.10.29-27.126.amzn2.aarch64
    kernel-debuginfo-5.10.29-27.126.amzn2.aarch64

i686:
    kernel-headers-5.10.29-27.126.amzn2.i686

src:
    kernel-5.10.29-27.126.amzn2.src

x86_64:
    kernel-5.10.29-27.126.amzn2.x86_64
    kernel-headers-5.10.29-27.126.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.29-27.126.amzn2.x86_64
    perf-5.10.29-27.126.amzn2.x86_64
    perf-debuginfo-5.10.29-27.126.amzn2.x86_64
    python-perf-5.10.29-27.126.amzn2.x86_64
    python-perf-debuginfo-5.10.29-27.126.amzn2.x86_64
    kernel-tools-5.10.29-27.126.amzn2.x86_64
    kernel-tools-devel-5.10.29-27.126.amzn2.x86_64
    kernel-tools-debuginfo-5.10.29-27.126.amzn2.x86_64
    bpftool-5.10.29-27.126.amzn2.x86_64
    bpftool-debuginfo-5.10.29-27.126.amzn2.x86_64
    kernel-devel-5.10.29-27.126.amzn2.x86_64
    kernel-debuginfo-5.10.29-27.126.amzn2.x86_64

Additional References

Red Hat: CVE-2021-28951, CVE-2023-1390

Mitre: CVE-2021-28951, CVE-2023-1390