ALAS2KERNEL-5.4-2022-022

Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2022-022
Advisory Release Date: 2022-02-04 23:12 Pacific
Advisory Updated Date: 2022-02-11 21:47 Pacific

Severity: Important

References: CVE-2022-0330 CVE-2022-0492
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)

The cgroup release_agent is called with call_usermodehelper. The function call_usermodehelper starts the release_agent with a full set of capabilities. Therefore require capabilities when setting the release_agent. (CVE-2022-0492)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-5.4.176-91.338.amzn2.aarch64
    kernel-headers-5.4.176-91.338.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.176-91.338.amzn2.aarch64
    perf-5.4.176-91.338.amzn2.aarch64
    perf-debuginfo-5.4.176-91.338.amzn2.aarch64
    python-perf-5.4.176-91.338.amzn2.aarch64
    python-perf-debuginfo-5.4.176-91.338.amzn2.aarch64
    kernel-tools-5.4.176-91.338.amzn2.aarch64
    kernel-tools-devel-5.4.176-91.338.amzn2.aarch64
    kernel-tools-debuginfo-5.4.176-91.338.amzn2.aarch64
    bpftool-5.4.176-91.338.amzn2.aarch64
    bpftool-debuginfo-5.4.176-91.338.amzn2.aarch64
    kernel-devel-5.4.176-91.338.amzn2.aarch64
    kernel-debuginfo-5.4.176-91.338.amzn2.aarch64

i686:
    kernel-headers-5.4.176-91.338.amzn2.i686

src:
    kernel-5.4.176-91.338.amzn2.src

x86_64:
    kernel-5.4.176-91.338.amzn2.x86_64
    kernel-headers-5.4.176-91.338.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.176-91.338.amzn2.x86_64
    perf-5.4.176-91.338.amzn2.x86_64
    perf-debuginfo-5.4.176-91.338.amzn2.x86_64
    python-perf-5.4.176-91.338.amzn2.x86_64
    python-perf-debuginfo-5.4.176-91.338.amzn2.x86_64
    kernel-tools-5.4.176-91.338.amzn2.x86_64
    kernel-tools-devel-5.4.176-91.338.amzn2.x86_64
    kernel-tools-debuginfo-5.4.176-91.338.amzn2.x86_64
    bpftool-5.4.176-91.338.amzn2.x86_64
    bpftool-debuginfo-5.4.176-91.338.amzn2.x86_64
    kernel-devel-5.4.176-91.338.amzn2.x86_64
    kernel-debuginfo-5.4.176-91.338.amzn2.x86_64

Additional References

Red Hat: CVE-2022-0330, CVE-2022-0492

Mitre: CVE-2022-0330, CVE-2022-0492