ALAS2LIVEPATCH-2021-045


Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2021-045
Advisory Release Date: 2021-04-29 19:12 Pacific
Advisory Updated Date: 2021-05-03 21:15 Pacific
Severity: Low

Issue Overview:

A low severity issue was found in the Nitro Enclaves Linux kernel driver that could lead to local privilege escalation. The issue does not break the isolation or security of what is running inside the enclave as the Nitro Enclave's security model already excludes the instance running the Nitro Enclaves kernel driver from its trust boundary.

For the issue to occur, the Nitro Enclaves kernel module needs to be loaded and in use, and Nitro Enclave (ne) group permissions are required. Only trusted Nitro Enclaves software runs with the ne group permissions, and no interactive logins are in the group by default. As a result, the only actors in a position to take advantage of this issue would already have to have root privileges. While this issue has no impact to Nitro Enclave's security or isolation properties, we recommend that customers update to the latest Kernel provided by Amazon Linux.


Affected Packages:

kernel-livepatch-4.14.214-160.339


Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.214-160.339 to update your system.

New Packages:
src:
    kernel-livepatch-4.14.214-160.339-1.0-5.amzn2.src

x86_64:
    kernel-livepatch-4.14.214-160.339-1.0-5.amzn2.x86_64
    kernel-livepatch-4.14.214-160.339-debuginfo-1.0-5.amzn2.x86_64