7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
32.2%
Issue Overview:
2024-04-24: CVE-2021-46953 was added to this advisory.
2024-04-24: CVE-2021-46939 was added to this advisory.
2024-04-24: CVE-2021-46950 was added to this advisory.
2024-04-24: CVE-2021-46938 was added to this advisory.
2024-03-13: CVE-2021-46906 was added to this advisory.
A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge. (CVE-2020-26558)
A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-0129)
A denial-of-service (DoS) flaw was identified in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem. (CVE-2021-29650)
A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-32399)
A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. (CVE-2021-33034)
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. (CVE-2021-33624)
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. (CVE-2021-3564)
A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-3573)
In the Linux kernel, the following vulnerability has been resolved:
HID: usbhid: fix info leak in hid_submit_ctrl
In hid_submit_ctrl(), the way of calculating the report length doesn’t
take into account that report->size can be zero. When running the
syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to
calculate transfer_buffer_length as 16384. When this urb is passed to
the usb core layer, KMSAN reports an info leak of 16384 bytes.
To fix this, first modify hid_report_len() to account for the zero
report size case by using DIV_ROUND_UP for the division. Then, call it
from hid_submit_ctrl(). (CVE-2021-46906)
In the Linux kernel, the following vulnerability has been resolved:
dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (CVE-2021-46938)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)
In the Linux kernel, the following vulnerability has been resolved:
md/raid1: properly indicate failure when ending a failed write request
This patch addresses a data corruption bug in raid1 arrays using bitmaps.
Without this fix, the bitmap bits for the failed I/O end up being cleared.
Since we are in the failure leg of raid1_end_write_request, the request
either needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded). (CVE-2021-46950)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: GTDT: Don’t corrupt interrupt mappings on watchdow probe failure (CVE-2021-46953)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
New Packages:
aarch64:
kernel-4.14.238-182.421.amzn2.aarch64
kernel-headers-4.14.238-182.421.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.238-182.421.amzn2.aarch64
perf-4.14.238-182.421.amzn2.aarch64
perf-debuginfo-4.14.238-182.421.amzn2.aarch64
python-perf-4.14.238-182.421.amzn2.aarch64
python-perf-debuginfo-4.14.238-182.421.amzn2.aarch64
kernel-tools-4.14.238-182.421.amzn2.aarch64
kernel-tools-devel-4.14.238-182.421.amzn2.aarch64
kernel-tools-debuginfo-4.14.238-182.421.amzn2.aarch64
kernel-devel-4.14.238-182.421.amzn2.aarch64
kernel-debuginfo-4.14.238-182.421.amzn2.aarch64
i686:
kernel-headers-4.14.238-182.421.amzn2.i686
src:
kernel-4.14.238-182.421.amzn2.src
x86_64:
kernel-4.14.238-182.421.amzn2.x86_64
kernel-headers-4.14.238-182.421.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.238-182.421.amzn2.x86_64
perf-4.14.238-182.421.amzn2.x86_64
perf-debuginfo-4.14.238-182.421.amzn2.x86_64
python-perf-4.14.238-182.421.amzn2.x86_64
python-perf-debuginfo-4.14.238-182.421.amzn2.x86_64
kernel-tools-4.14.238-182.421.amzn2.x86_64
kernel-tools-devel-4.14.238-182.421.amzn2.x86_64
kernel-tools-debuginfo-4.14.238-182.421.amzn2.x86_64
kernel-devel-4.14.238-182.421.amzn2.x86_64
kernel-debuginfo-4.14.238-182.421.amzn2.x86_64
kernel-livepatch-4.14.238-182.421-1.0-0.amzn2.x86_64
Red Hat: CVE-2020-26558, CVE-2021-0129, CVE-2021-29650, CVE-2021-32399, CVE-2021-33034, CVE-2021-33624, CVE-2021-3564, CVE-2021-3573, CVE-2021-46906, CVE-2021-46938, CVE-2021-46939, CVE-2021-46950, CVE-2021-46953
Mitre: CVE-2020-26558, CVE-2021-0129, CVE-2021-29650, CVE-2021-32399, CVE-2021-33034, CVE-2021-33624, CVE-2021-3564, CVE-2021-3573, CVE-2021-46906, CVE-2021-46938, CVE-2021-46939, CVE-2021-46950, CVE-2021-46953
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
32.2%