Amazon ALAS2-2021-1627

Important: kernel

Published: Apr 20, 2021 - 5:55 p.m.
Source: alas.aws.amazon.com

CVSS3: 8.8 High
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7.9 High (Confidence: High)

CVSS2: 8.3 High
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.009 Low
EPSS Percentile: 82.8%

Issue Overview:

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. (CVE-2019-19060)

A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. (CVE-2019-7308)

A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind() causes a use-after-free, which might lead to privilege escalation. (CVE-2020-25670)

A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_connect() causes a use-after-free, which might lead to privilege escalation. (CVE-2020-25671)

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect. (CVE-2020-25672)

A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is accessible only to privileged users with CAP_SYS_ADMIN. A flaw that triggers an integer underflow when restricting speculative pointer arithmetic allows unprivileged local users to leak the content of kernel memory. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-27171)

A flaw was found in the Linux kernel. The rtw_wx_set_scan driver allows writing beyond the end of the ->ssid[] array. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-28660)

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn’t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)

A race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the Linux kernel in btrfs file-system. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. The highest threat from this vulnerability is to system availability. (CVE-2021-28964)

A flaw was found in the Linux kernel's implementation of the RPA PCI Hotplug driver for PowerPC. A user with permission to write to the sysfs settings for this driver can trigger a buffer overflow when writing a new device name to the driver from userspace, overwriting data in the kernel's stack. (CVE-2021-28972)

A flaw was found in the Linux kernel's eBPF implementation. By default, the eBPF verifier is accessible only to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-29154)

A flaw was found in the Linux kernel. The usbip driver allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status. The highest threat from this vulnerability is to system availability. (CVE-2021-29265)

A flaw was found in the Linux kernel. This flaw allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure. The highest threat from this vulnerability is to confidentiality. (CVE-2021-29647)

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3483)

A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems. This flaw allows a local user to gain privileges or cause a DoS through user namespaces. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2021-22555)

CVE-2021-22555 was added to this advisory after the original release; however, it was already fixed in the patch from 2021-04-20.

Affected Packages:

kernel

Note:

This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. See the ALAS FAQ for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:  
    kernel-4.14.231-173.360.amzn2.aarch64  
    kernel-headers-4.14.231-173.360.amzn2.aarch64  
    kernel-debuginfo-common-aarch64-4.14.231-173.360.amzn2.aarch64  
    perf-4.14.231-173.360.amzn2.aarch64  
    perf-debuginfo-4.14.231-173.360.amzn2.aarch64  
    python-perf-4.14.231-173.360.amzn2.aarch64  
    python-perf-debuginfo-4.14.231-173.360.amzn2.aarch64  
    kernel-tools-4.14.231-173.360.amzn2.aarch64  
    kernel-tools-devel-4.14.231-173.360.amzn2.aarch64  
    kernel-tools-debuginfo-4.14.231-173.360.amzn2.aarch64  
    kernel-devel-4.14.231-173.360.amzn2.aarch64  
    kernel-debuginfo-4.14.231-173.360.amzn2.aarch64  
  
i686:  
    kernel-headers-4.14.231-173.360.amzn2.i686  
  
src:  
    kernel-4.14.231-173.360.amzn2.src  
  
x86_64:  
    kernel-4.14.231-173.360.amzn2.x86_64  
    kernel-headers-4.14.231-173.360.amzn2.x86_64  
    kernel-debuginfo-common-x86_64-4.14.231-173.360.amzn2.x86_64  
    perf-4.14.231-173.360.amzn2.x86_64  
    perf-debuginfo-4.14.231-173.360.amzn2.x86_64  
    python-perf-4.14.231-173.360.amzn2.x86_64  
    python-perf-debuginfo-4.14.231-173.360.amzn2.x86_64  
    kernel-tools-4.14.231-173.360.amzn2.x86_64  
    kernel-tools-devel-4.14.231-173.360.amzn2.x86_64  
    kernel-tools-debuginfo-4.14.231-173.360.amzn2.x86_64  
    kernel-devel-4.14.231-173.360.amzn2.x86_64  
    kernel-debuginfo-4.14.231-173.360.amzn2.x86_64  
    kernel-livepatch-4.14.231-173.360-1.0-0.amzn2.x86_64  
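As an added example that is not part of the advisory, the following Python checks whether a host's running kernel is at or above the fixed release 4.14.231-173.360.amzn2 listed above; the comparison is an rpmvercmp-style reimplementation (assumption: the '^' operator is never used in AL2 kernel labels, so it is not handled), and the sample `uname -r` strings are constructed.

```python
import re
from itertools import zip_longest

# Fixed version-release from ALAS2-2021-1627 (identical for aarch64 and x86_64).
FIXED_EVR = "4.14.231-173.360.amzn2"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")  # segments as rpm sees them


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings like rpm's rpmvercmp(): -1, 0 or 1.
    Assumption: the '^' operator is never used in AL2 kernel labels, so it is not handled."""
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x == "~" or y == "~":            # tilde sorts before anything, even end of string
            if x == y:
                continue
            return -1 if x == "~" else 1
        if x is None:                        # a ran out of segments first, so b is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():      # numeric compare; int() drops leading zeros
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():     # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        elif x != y:                         # both alphabetic: plain string order
            return 1 if x > y else -1
    return 0


def evr_cmp(a: str, b: str) -> int:
    """Compare 'version-release' labels: version decides first, then release."""
    av, _, ar = a.partition("-")
    bv, _, br = b.partition("-")
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def kernel_is_patched(uname_r: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True if the *running* kernel reported by `uname -r` is at or above the fix.
    An installed but not yet booted kernel still leaves the host exposed."""
    evr, _, arch = uname_r.rpartition(".")    # "4.14.225-169.362.amzn2" / "x86_64"
    if arch not in ("x86_64", "aarch64"):
        raise ValueError(f"not an Amazon Linux 2 kernel release string: {uname_r!r}")
    return evr_cmp(evr, fixed_evr) >= 0


if __name__ == "__main__":
    for sample in ("4.14.225-169.362.amzn2.x86_64",   # constructed: older version, vulnerable
                   "4.14.231-173.360.amzn2.aarch64",  # constructed: exactly the fixed build
                   "4.14.231-173.359.amzn2.x86_64"):  # constructed: same version, older release
        print(f"{sample}: {'patched' if kernel_is_patched(sample) else 'VULNERABLE'}")
```

Feed it `uname -r` from each host after running `yum update kernel` and rebooting; a host reporting an older release is still exposed to the CVEs above.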

Additional References

Red Hat: CVE-2019-19060, CVE-2019-7308, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-27171, CVE-2021-22555, CVE-2021-28660, CVE-2021-28688, CVE-2021-28964, CVE-2021-28972, CVE-2021-29154, CVE-2021-29265, CVE-2021-29647, CVE-2021-3483

Mitre: CVE-2019-19060, CVE-2019-7308, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-27171, CVE-2021-22555, CVE-2021-28660, CVE-2021-28688, CVE-2021-28964, CVE-2021-28972, CVE-2021-29154, CVE-2021-29265, CVE-2021-29647, CVE-2021-3483
