Amazon: ALAS-2021-1477
Published: Jan 26, 2021 - 12:11 a.m. (2021-01-26 00:11:00)

Important: kernel

Source: alas.aws.amazon.com

CVSS3: 8.8 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low (percentile 45.6%)

Issue Overview:

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)

A flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation. (CVE-2019-19816)

Array index out of bounds access when setting extended attributes on journaling filesystems. (CVE-2020-27815)

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. (CVE-2020-29569)

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)

A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64
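Added example, not part of the advisory: a POSIX sh check that tells whether the kernel a host is actually running is at or above the fixed kernel listed above, since `yum update kernel` installs a new package but the old kernel keeps running until reboot. It assumes the version layout X.Y.Z-R.B.amzn1[.arch] seen in the package names above; any sample version strings in comments are constructed.

```shell
#!/bin/sh
# Added example (not from ALAS-2021-1477): compare a `uname -r` string against
# the fixed Amazon Linux 1 kernel from this advisory. Version layout
# X.Y.Z-R.B.amzn1[.arch] is assumed from the package names in the advisory.

FIXED_KERNEL="4.14.214-118.339.amzn1"

# "4.14.214-118.339.amzn1.x86_64" -> "4 14 214 118 339"
# (drop the .amzn1 suffix and arch, treat '-' like '.', split into fields)
version_fields() {
    printf '%s\n' "$1" | sed -e 's/\.amzn1.*$//' -e 's/[^0-9.]/./g' | tr -s '.' ' '
}

# Exit 0 if version $1 >= version $2, 1 otherwise. Fields are compared
# numerically left to right; a missing trailing field counts as 0.
kernel_at_least() {
    have=$(version_fields "$1")
    want=$(version_fields "$2")
    i=1
    while :; do
        h=$(printf '%s\n' "$have" | cut -d' ' -f"$i")
        w=$(printf '%s\n' "$want" | cut -d' ' -f"$i")
        [ -z "$h" ] && [ -z "$w" ] && return 0   # every field matched
        h=${h:-0}; w=${w:-0}
        [ "$h" -gt "$w" ] && return 0
        [ "$h" -lt "$w" ] && return 1
        i=$((i + 1))
    done
}

# Print "patched", "vulnerable" or "not-amzn1" for one kernel version string.
# The comparison only makes sense for amzn1 kernels, so anything else is
# reported as out of scope rather than guessed at.
classify_kernel() {
    case "$1" in
        *.amzn1*) ;;
        *) echo not-amzn1; return 0 ;;
    esac
    if kernel_at_least "$1" "$FIXED_KERNEL"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Check the running kernel, not the installed rpm: the update from
# `yum update kernel` is only in effect once the host has rebooted into it.
running=$(uname -r 2>/dev/null)
printf '%s: %s\n' "$running" "$(classify_kernel "$running")"
```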

Additional References

Red Hat: CVE-2019-19813, CVE-2019-19816, CVE-2020-27815, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661

Mitre: CVE-2019-19813, CVE-2019-19816, CVE-2020-27815, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661
