Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2021-031
Advisory Release Date: 2021-01-19 20:18 Pacific
Advisory Updated Date: 2021-04-07 18:54 Pacific
Severity:
Important
Issue Overview:
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)
A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)
Affected Packages:
kernel-livepatch-4.14.200-155.322
Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.200-155.322 to update your system.
New Packages:
src:
kernel-livepatch-4.14.200-155.322-1.0-2.amzn2.src
x86_64:
kernel-livepatch-4.14.200-155.322-1.0-2.amzn2.x86_64
kernel-livepatch-4.14.200-155.322-debuginfo-1.0-2.amzn2.x86_64