ALAS2LIVEPATCH-2021-032


Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2021-032
Advisory Release Date: 2021-01-19 20:18 Pacific
Advisory Updated Date: 2021-04-07 18:54 Pacific
Severity: Important

Issue Overview:

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)

A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)


Affected Packages:

kernel-livepatch-4.14.203-156.332


Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.203-156.332 to update your system.

New Packages:
src:
    kernel-livepatch-4.14.203-156.332-1.0-2.amzn2.src

x86_64:
    kernel-livepatch-4.14.203-156.332-1.0-2.amzn2.x86_64
    kernel-livepatch-4.14.203-156.332-debuginfo-1.0-2.amzn2.x86_64