Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-030
Advisory Release Date: 2020-12-02 19:29 Pacific
Advisory Updated Date: 2021-04-07 18:54 Pacific
A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could alllow a local user with root priviledges (but no capabilities) to add or remove Rados Block Devices from the system. (CVE-2020-25284)
Affected Packages:
kernel-livepatch-4.14.198-152.320
Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.198-152.320 to update your system.
src:
kernel-livepatch-4.14.198-152.320-1.0-2.amzn2.src
x86_64:
kernel-livepatch-4.14.198-152.320-1.0-2.amzn2.x86_64
kernel-livepatch-4.14.198-152.320-debuginfo-1.0-2.amzn2.x86_64