ALAS2KERNEL-5.4-2022-001


Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2022-001
Advisory Release Date: 2022-01-11 19:20 Pacific
Advisory Updated Date: 2022-01-28 17:24 Pacific
Severity: Important

Issue Overview:

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. (CVE-2020-25639)

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. (CVE-2021-26931)

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)

A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system. (CVE-2021-27363)

A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability. (CVE-2021-27364)

A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-27365)

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. (CVE-2021-28038)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.4.105-48.177.amzn2.aarch64
    kernel-headers-5.4.105-48.177.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.105-48.177.amzn2.aarch64
    perf-5.4.105-48.177.amzn2.aarch64
    perf-debuginfo-5.4.105-48.177.amzn2.aarch64
    python-perf-5.4.105-48.177.amzn2.aarch64
    python-perf-debuginfo-5.4.105-48.177.amzn2.aarch64
    kernel-tools-5.4.105-48.177.amzn2.aarch64
    kernel-tools-devel-5.4.105-48.177.amzn2.aarch64
    kernel-tools-debuginfo-5.4.105-48.177.amzn2.aarch64
    bpftool-5.4.105-48.177.amzn2.aarch64
    bpftool-debuginfo-5.4.105-48.177.amzn2.aarch64
    kernel-devel-5.4.105-48.177.amzn2.aarch64
    kernel-debuginfo-5.4.105-48.177.amzn2.aarch64

i686:
    kernel-headers-5.4.105-48.177.amzn2.i686

src:
    kernel-5.4.105-48.177.amzn2.src

x86_64:
    kernel-5.4.105-48.177.amzn2.x86_64
    kernel-headers-5.4.105-48.177.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.105-48.177.amzn2.x86_64
    perf-5.4.105-48.177.amzn2.x86_64
    perf-debuginfo-5.4.105-48.177.amzn2.x86_64
    python-perf-5.4.105-48.177.amzn2.x86_64
    python-perf-debuginfo-5.4.105-48.177.amzn2.x86_64
    kernel-tools-5.4.105-48.177.amzn2.x86_64
    kernel-tools-devel-5.4.105-48.177.amzn2.x86_64
    kernel-tools-debuginfo-5.4.105-48.177.amzn2.x86_64
    bpftool-5.4.105-48.177.amzn2.x86_64
    bpftool-debuginfo-5.4.105-48.177.amzn2.x86_64
    kernel-devel-5.4.105-48.177.amzn2.x86_64
    kernel-debuginfo-5.4.105-48.177.amzn2.x86_64