ALASKERNEL-5.4-2023-044

References: CVE-2021-4037  CVE-2021-47082  CVE-2022-4744  CVE-2023-0590  CVE-2023-2124  CVE-2023-2194  CVE-2023-28466  CVE-2023-33203 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2024-08-01: CVE-2021-47082 was added to this advisory.

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)

In the Linux kernel, the following vulnerability has been resolved:

tun: avoid double free in tun_free_netdev (CVE-2021-47082)

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. (CVE-2023-0590)

An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-2124)

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. (CVE-2023-2194)

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. (CVE-2023-33203)

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-5.4.241-150.347.amzn2.aarch64
    kernel-headers-5.4.241-150.347.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.241-150.347.amzn2.aarch64
    perf-5.4.241-150.347.amzn2.aarch64
    perf-debuginfo-5.4.241-150.347.amzn2.aarch64
    python-perf-5.4.241-150.347.amzn2.aarch64
    python-perf-debuginfo-5.4.241-150.347.amzn2.aarch64
    kernel-tools-5.4.241-150.347.amzn2.aarch64
    kernel-tools-devel-5.4.241-150.347.amzn2.aarch64
    kernel-tools-debuginfo-5.4.241-150.347.amzn2.aarch64
    bpftool-5.4.241-150.347.amzn2.aarch64
    bpftool-debuginfo-5.4.241-150.347.amzn2.aarch64
    kernel-devel-5.4.241-150.347.amzn2.aarch64
    kernel-debuginfo-5.4.241-150.347.amzn2.aarch64

i686:
    kernel-headers-5.4.241-150.347.amzn2.i686

src:
    kernel-5.4.241-150.347.amzn2.src

x86_64:
    kernel-5.4.241-150.347.amzn2.x86_64
    kernel-headers-5.4.241-150.347.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.241-150.347.amzn2.x86_64
    perf-5.4.241-150.347.amzn2.x86_64
    perf-debuginfo-5.4.241-150.347.amzn2.x86_64
    python-perf-5.4.241-150.347.amzn2.x86_64
    python-perf-debuginfo-5.4.241-150.347.amzn2.x86_64
    kernel-tools-5.4.241-150.347.amzn2.x86_64
    kernel-tools-devel-5.4.241-150.347.amzn2.x86_64
    kernel-tools-debuginfo-5.4.241-150.347.amzn2.x86_64
    bpftool-5.4.241-150.347.amzn2.x86_64
    bpftool-debuginfo-5.4.241-150.347.amzn2.x86_64
    kernel-devel-5.4.241-150.347.amzn2.x86_64
    kernel-debuginfo-5.4.241-150.347.amzn2.x86_64