Lucene search

K
amazonAmazonALAS-2020-1437
HistoryOct 26, 2020 - 6:08 p.m.

Important: kernel

2020-10-2618:08:00
alas.aws.amazon.com
34

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:P/I:P/A:C

0.011 Low

EPSS

Percentile

84.1%

Issue Overview:

2023-06-29: CVE-2022-20565 was added to this advisory.

An issue in the HID driver in the Linux kernel may lead to invalid memory access. (CVE-2022-20565)

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448)

A flaw was found in the Linux kernel’s implementation of BTRFS free space management, where the kernel does not correctly manage the lifetime of internal data structures used. An attacker could use this flaw to corrupt memory or escalate privileges. (CVE-2020-12888)

A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices’ MMIO memory address spaces. If a user attempts to access the read/write devices’ MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. This flaw allows a guest user or process to crash the host system resulting in a denial of service. A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. (CVE-2020-14314)

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14390)

A flaw was found in the Linux kernel. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation. A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)

A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could alllow a local user with root priviledges (but no capabilities) to add or remove Rados Block Devices from the system. (CVE-2020-25284)

A flaw was found in the Linux kernels sysctl handling code for hugepages managment. When multiple root level processes would write to modify the /proc/sys/vm/nr_hugepages file it could create a race on internal variables leading to a system crash or memory corruption. A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)

A flaw was found in the Linux kernel’s implementation of biovecs. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)

A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)

A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)

A missing capabilities check when creating NFC raw sockets could be used by local attackers to create raw sockets, bypassing security mechanisms allowing them to create or listen to NFC communication frames. (CVE-2020-26088)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

i686:  
    kernel-debuginfo-4.14.200-116.320.amzn1.i686  
    kernel-headers-4.14.200-116.320.amzn1.i686  
    perf-debuginfo-4.14.200-116.320.amzn1.i686  
    kernel-debuginfo-common-i686-4.14.200-116.320.amzn1.i686  
    kernel-4.14.200-116.320.amzn1.i686  
    kernel-devel-4.14.200-116.320.amzn1.i686  
    kernel-tools-4.14.200-116.320.amzn1.i686  
    perf-4.14.200-116.320.amzn1.i686  
    kernel-tools-debuginfo-4.14.200-116.320.amzn1.i686  
    kernel-tools-devel-4.14.200-116.320.amzn1.i686  
  
src:  
    kernel-4.14.200-116.320.amzn1.src  
  
x86_64:  
    kernel-tools-4.14.200-116.320.amzn1.x86_64  
    kernel-tools-debuginfo-4.14.200-116.320.amzn1.x86_64  
    kernel-4.14.200-116.320.amzn1.x86_64  
    perf-debuginfo-4.14.200-116.320.amzn1.x86_64  
    kernel-debuginfo-4.14.200-116.320.amzn1.x86_64  
    perf-4.14.200-116.320.amzn1.x86_64  
    kernel-devel-4.14.200-116.320.amzn1.x86_64  
    kernel-tools-devel-4.14.200-116.320.amzn1.x86_64  
    kernel-headers-4.14.200-116.320.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-4.14.200-116.320.amzn1.x86_64  

Additional References

Red Hat: CVE-2019-19448, CVE-2020-12888, CVE-2020-14314, CVE-2020-14331, CVE-2020-14390, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-26088, CVE-2022-20565

Mitre: CVE-2019-19448, CVE-2020-12888, CVE-2020-14314, CVE-2020-14331, CVE-2020-14390, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-26088, CVE-2022-20565

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:P/I:P/A:C

0.011 Low

EPSS

Percentile

84.1%