ALAS-2021-1503


Amazon Linux AMI Security Advisory: ALAS-2021-1503
Advisory Release Date: 2021-05-20 21:12 Pacific
Advisory Updated Date: 2021-05-21 18:49 Pacific
Severity: Low

Issue Overview:

kernel: refcount leak in llcp_sock_bind() (CVE-2020-25670)

kernel: refcount leak in llcp_sock_connect() (CVE-2020-25671)

kernel: memory leak in llcp_sock_connect() (CVE-2020-25672)

An issue was discovered in the Linux kernel related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access. (CVE-2020-29374)

A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-23133)

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)

A race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the Linux kernel in btrfs file-system. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. The highest threat from this vulnerability is to system availability. (CVE-2021-28964)

A flaw was found in the Linux kernel. On some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled. (CVE-2021-28971)

A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-29154)

A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). In this flaw a local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract contents of kernel memory via side-channel. (CVE-2021-29155)

A flaw was found in the Linux kernel's eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all system memory. The highest threat from this vulnerability is to confidentiality. (CVE-2021-31829)

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
i686:
    kernel-devel-4.14.232-123.381.amzn1.i686
    kernel-tools-devel-4.14.232-123.381.amzn1.i686
    kernel-headers-4.14.232-123.381.amzn1.i686
    perf-4.14.232-123.381.amzn1.i686
    kernel-tools-debuginfo-4.14.232-123.381.amzn1.i686
    kernel-debuginfo-common-i686-4.14.232-123.381.amzn1.i686
    kernel-4.14.232-123.381.amzn1.i686
    kernel-debuginfo-4.14.232-123.381.amzn1.i686
    kernel-tools-4.14.232-123.381.amzn1.i686
    perf-debuginfo-4.14.232-123.381.amzn1.i686

src:
    kernel-4.14.232-123.381.amzn1.src

x86_64:
    perf-debuginfo-4.14.232-123.381.amzn1.x86_64
    kernel-devel-4.14.232-123.381.amzn1.x86_64
    kernel-tools-debuginfo-4.14.232-123.381.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.232-123.381.amzn1.x86_64
    kernel-headers-4.14.232-123.381.amzn1.x86_64
    perf-4.14.232-123.381.amzn1.x86_64
    kernel-tools-4.14.232-123.381.amzn1.x86_64
    kernel-4.14.232-123.381.amzn1.x86_64
    kernel-debuginfo-4.14.232-123.381.amzn1.x86_64
    kernel-tools-devel-4.14.232-123.381.amzn1.x86_64