Important: kernel

Issue Overview:

2024-08-14: CVE-2022-48804 was added to this advisory.

2024-08-14: CVE-2022-48805 was added to this advisory.

2024-08-14: CVE-2022-48809 was added to this advisory.

2024-08-01: CVE-2022-48742 was added to this advisory.

2024-08-01: CVE-2022-48711 was added to this advisory.

2024-08-01: CVE-2022-48760 was added to this advisory.

2024-08-01: CVE-2022-48724 was added to this advisory.

2024-08-01: CVE-2022-48743 was added to this advisory.

2024-08-01: CVE-2021-47620 was added to this advisory.

A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2018-25020)

A denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system. (CVE-2020-36322)

AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on AMD instances (5a). This is done by default, and no administrator action is needed. (CVE-2021-26341)

AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on AMD instances (5a). This is done by default, and no administrator action is needed. (CVE-2021-26401)

A flaw was found in the hanging of mounts in the Linux kernel’s NFS4 subsystem where remote servers are unreachable for the client during migration of data from one server to another (during trunking detection). This flaw allows a remote NFS4 server (if the client is connected) to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-38199)

An unprivileged write to the file handler flaw in the Linux kernel’s control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: refactor malicious adv data check (CVE-2021-47620)

Non-transparent sharing of branch predictor selectors between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure. (CVE-2022-0001)

Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)

A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)

A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)

A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in the way the user triggers the udf_file_write_iter function for a malicious UDF image. This flaw allows a local user to crash the system. (CVE-2022-0617)

The Amazon Linux kernel now enables, by default, a software mitigation for this issue, on all ARM-based EC2 instance types. (CVE-2022-23960)

A flaw was found in the Linux kernel. When an application tries to open a directory (using the O_DIRECTORY flag) in a mounted NFS filesystem, a lookup operation is performed. If the NFS server returns a file as a result of the lookup, the NFS filesystem returns an uninitialized file descriptor instead of the expected ENOTDIR value. This flaw leads to the kernel’s data leak into the userspace. (CVE-2022-24448)

In the Linux kernel, the following vulnerability has been resolved:

tipc: improve size validations for received domain records (CVE-2022-48711)

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (CVE-2022-48724)

In the Linux kernel, the following vulnerability has been resolved:

rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (CVE-2022-48742)

In the Linux kernel, the following vulnerability has been resolved:

net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)

In the Linux kernel, the following vulnerability has been resolved:

USB: core: Fix hang in usb_kill_urb by adding memory barriers (CVE-2022-48760)

In the Linux kernel, the following vulnerability has been resolved:

vt_ioctl: fix array_index_nospec in vt_setactivate (CVE-2022-48804)

In the Linux kernel, the following vulnerability has been resolved:

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (CVE-2022-48805)

In the Linux kernel, the following vulnerability has been resolved:

net: fix a memleak when uncloning an skb dst and its metadata (CVE-2022-48809)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:  
    kernel-4.14.268-205.500.amzn2.aarch64  
    kernel-headers-4.14.268-205.500.amzn2.aarch64  
    kernel-debuginfo-common-aarch64-4.14.268-205.500.amzn2.aarch64  
    perf-4.14.268-205.500.amzn2.aarch64  
    perf-debuginfo-4.14.268-205.500.amzn2.aarch64  
    python-perf-4.14.268-205.500.amzn2.aarch64  
    python-perf-debuginfo-4.14.268-205.500.amzn2.aarch64  
    kernel-tools-4.14.268-205.500.amzn2.aarch64  
    kernel-tools-devel-4.14.268-205.500.amzn2.aarch64  
    kernel-tools-debuginfo-4.14.268-205.500.amzn2.aarch64  
    kernel-devel-4.14.268-205.500.amzn2.aarch64  
    kernel-debuginfo-4.14.268-205.500.amzn2.aarch64  
  
i686:  
    kernel-headers-4.14.268-205.500.amzn2.i686  
  
src:  
    kernel-4.14.268-205.500.amzn2.src  
  
x86_64:  
    kernel-4.14.268-205.500.amzn2.x86_64  
    kernel-headers-4.14.268-205.500.amzn2.x86_64  
    kernel-debuginfo-common-x86_64-4.14.268-205.500.amzn2.x86_64  
    perf-4.14.268-205.500.amzn2.x86_64  
    perf-debuginfo-4.14.268-205.500.amzn2.x86_64  
    python-perf-4.14.268-205.500.amzn2.x86_64  
    python-perf-debuginfo-4.14.268-205.500.amzn2.x86_64  
    kernel-tools-4.14.268-205.500.amzn2.x86_64  
    kernel-tools-devel-4.14.268-205.500.amzn2.x86_64  
    kernel-tools-debuginfo-4.14.268-205.500.amzn2.x86_64  
    kernel-devel-4.14.268-205.500.amzn2.x86_64  
    kernel-debuginfo-4.14.268-205.500.amzn2.x86_64  
    kernel-livepatch-4.14.268-205.500-1.0-0.amzn2.x86_64  

Additional References

Red Hat: CVE-2018-25020, CVE-2020-36322, CVE-2021-26341, CVE-2021-26401, CVE-2021-38199, CVE-2021-4197, CVE-2021-47620, CVE-2022-0001, CVE-2022-0002, CVE-2022-0330, CVE-2022-0435, CVE-2022-0617, CVE-2022-23960, CVE-2022-24448, CVE-2022-48711, CVE-2022-48724, CVE-2022-48742, CVE-2022-48743, CVE-2022-48760, CVE-2022-48804, CVE-2022-48805, CVE-2022-48809

Mitre: CVE-2018-25020, CVE-2020-36322, CVE-2021-26341, CVE-2021-26401, CVE-2021-38199, CVE-2021-4197, CVE-2021-47620, CVE-2022-0001, CVE-2022-0002, CVE-2022-0330, CVE-2022-0435, CVE-2022-0617, CVE-2022-23960, CVE-2022-24448, CVE-2022-48711, CVE-2022-48724, CVE-2022-48742, CVE-2022-48743, CVE-2022-48760, CVE-2022-48804, CVE-2022-48805, CVE-2022-48809