Amazon ALAS2-2021-1685
Jul 14, 2021 - 8:35 p.m.

Important: kernel

Published: 2021-07-14 20:35:00
Source: alas.aws.amazon.com

CVSS3: 7.8 High
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7.3 High
Confidence: High

CVSS2: 6.9 Medium
AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.001 Low
Percentile: 31.6%

Issue Overview:

A vulnerability was found in BlueZ, where the Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack in which an active attacker can impersonate the initiating device without any previous knowledge. (CVE-2020-26558)

A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-0129)

A denial-of-service (DoS) flaw was identified in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem. (CVE-2021-29650)

A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-32399)

A use-after-free flaw was found in hci_send_acl in the Bluetooth host controller interface (HCI) in the Linux kernel, where a local attacker with access rights could cause a denial of service on the system. The issue results from the object hchan being freed in hci_disconn_loglink_complete_evt yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. (CVE-2021-33034)

A flaw was found in the Linux kernel’s BPF subsystem, where protection against speculative execution attacks (Spectre mitigation) can be bypassed. The highest threat from this vulnerability is to confidentiality. (CVE-2021-33624)

A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem, in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. (CVE-2021-3564)

A use-after-free flaw was found in the Linux kernel HCI subsystem, in the way a user detaches a Bluetooth dongle or otherwise triggers an unregister Bluetooth device event. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-3573)

Affected Packages:

kernel

Note:

This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.
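
`yum update kernel` installs the fixed build, but the host keeps running its old kernel until it reboots. The script below is an added example, not part of the Amazon advisory: it compares a kernel release string against the fixed build 4.14.238-182.421.amzn2 listed under New Packages and separates "patched" from "reboot-pending" and "vulnerable". The function names, the `--host` switch and the choice to treat non-4.14 builds as out of scope are assumptions of this example, and it compares version strings only.

```shell
#!/bin/sh
# Added example: classify an AL2 host against the fixed build in ALAS2-2021-1685.
FIXED="4.14.238-182.421.amzn2"   # version-release from the advisory's package list

# "4.14.238-182.421.amzn2.x86_64" -> "4 14 238 182 421"
nums() {
    printf '%s\n' "$1" | sed -e 's/\.amzn2.*$//' -e 's/[.-]/ /g'
}

# kernel_is_fixed RELEASE
# Returns 0 if RELEASE >= FIXED, 1 if older, 2 if it is not a 4.14 AL2 build
# (other kernel streams are treated as out of scope; assumption of this example).
kernel_is_fixed() {
    case "$1" in 4.14.*.amzn2*) ;; *) return 2 ;; esac
    have=$(nums "$1"); want=$(nums "$FIXED"); i=1
    while [ "$i" -le 5 ]; do
        h=$(printf '%s\n' "$have" | cut -s -d' ' -f"$i")
        w=$(printf '%s\n' "$want" | cut -s -d' ' -f"$i")
        case "$h" in ''|*[!0-9]*) return 2 ;; esac   # missing or non-numeric field
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0   # all five fields equal: exactly the fixed build
}

# host_status RUNNING NEWEST_INSTALLED
# RUNNING is the output of `uname -r`; NEWEST_INSTALLED is the newest kernel package.
host_status() {
    rc=0; kernel_is_fixed "$1" || rc=$?
    case "$rc" in
        0) echo "patched" ;;
        1) if kernel_is_fixed "$2"; then echo "reboot-pending"
           else echo "vulnerable"; fi ;;
        *) echo "unknown" ;;
    esac
}

# Run with --host on an AL2 machine to check the live system.
if [ "${1:-}" = "--host" ]; then
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel | sort -V | tail -n 1)
    host_status "$(uname -r)" "$newest"
fi
```

A "reboot-pending" result means the update has been installed but the old kernel is still the one executing.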

New Packages:

aarch64:  
    kernel-4.14.238-182.421.amzn2.aarch64  
    kernel-headers-4.14.238-182.421.amzn2.aarch64  
    kernel-debuginfo-common-aarch64-4.14.238-182.421.amzn2.aarch64  
    perf-4.14.238-182.421.amzn2.aarch64  
    perf-debuginfo-4.14.238-182.421.amzn2.aarch64  
    python-perf-4.14.238-182.421.amzn2.aarch64  
    python-perf-debuginfo-4.14.238-182.421.amzn2.aarch64  
    kernel-tools-4.14.238-182.421.amzn2.aarch64  
    kernel-tools-devel-4.14.238-182.421.amzn2.aarch64  
    kernel-tools-debuginfo-4.14.238-182.421.amzn2.aarch64  
    kernel-devel-4.14.238-182.421.amzn2.aarch64  
    kernel-debuginfo-4.14.238-182.421.amzn2.aarch64  
  
i686:  
    kernel-headers-4.14.238-182.421.amzn2.i686  
  
src:  
    kernel-4.14.238-182.421.amzn2.src  
  
x86_64:  
    kernel-4.14.238-182.421.amzn2.x86_64  
    kernel-headers-4.14.238-182.421.amzn2.x86_64  
    kernel-debuginfo-common-x86_64-4.14.238-182.421.amzn2.x86_64  
    perf-4.14.238-182.421.amzn2.x86_64  
    perf-debuginfo-4.14.238-182.421.amzn2.x86_64  
    python-perf-4.14.238-182.421.amzn2.x86_64  
    python-perf-debuginfo-4.14.238-182.421.amzn2.x86_64  
    kernel-tools-4.14.238-182.421.amzn2.x86_64  
    kernel-tools-devel-4.14.238-182.421.amzn2.x86_64  
    kernel-tools-debuginfo-4.14.238-182.421.amzn2.x86_64  
    kernel-devel-4.14.238-182.421.amzn2.x86_64  
    kernel-debuginfo-4.14.238-182.421.amzn2.x86_64  
    kernel-livepatch-4.14.238-182.421-1.0-0.amzn2.x86_64  

Additional References

Red Hat: CVE-2020-26558, CVE-2021-0129, CVE-2021-29650, CVE-2021-32399, CVE-2021-33034, CVE-2021-33624, CVE-2021-3564, CVE-2021-3573

Mitre: CVE-2020-26558, CVE-2021-0129, CVE-2021-29650, CVE-2021-32399, CVE-2021-33034, CVE-2021-33624, CVE-2021-3564, CVE-2021-3573
