Important: kernel

Issue Overview:

2023-06-29: CVE-2023-28772 was added to this advisory. The severity level has changed from Medium to Important.

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. (CVE-2023-28772)

A flaw was found in the Linux kernel, where an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highest threat from this vulnerability is to confidentiality. (CVE-2021-34556)

A flaw in the Linux kernel allows a privileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel in the eBPF subsystem (CVE-2021-35477)

A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:  
    kernel-4.14.241-184.433.amzn2.aarch64  
    kernel-headers-4.14.241-184.433.amzn2.aarch64  
    kernel-debuginfo-common-aarch64-4.14.241-184.433.amzn2.aarch64  
    perf-4.14.241-184.433.amzn2.aarch64  
    perf-debuginfo-4.14.241-184.433.amzn2.aarch64  
    python-perf-4.14.241-184.433.amzn2.aarch64  
    python-perf-debuginfo-4.14.241-184.433.amzn2.aarch64  
    kernel-tools-4.14.241-184.433.amzn2.aarch64  
    kernel-tools-devel-4.14.241-184.433.amzn2.aarch64  
    kernel-tools-debuginfo-4.14.241-184.433.amzn2.aarch64  
    kernel-devel-4.14.241-184.433.amzn2.aarch64  
    kernel-debuginfo-4.14.241-184.433.amzn2.aarch64  
  
i686:  
    kernel-headers-4.14.241-184.433.amzn2.i686  
  
src:  
    kernel-4.14.241-184.433.amzn2.src  
  
x86_64:  
    kernel-4.14.241-184.433.amzn2.x86_64  
    kernel-headers-4.14.241-184.433.amzn2.x86_64  
    kernel-debuginfo-common-x86_64-4.14.241-184.433.amzn2.x86_64  
    perf-4.14.241-184.433.amzn2.x86_64  
    perf-debuginfo-4.14.241-184.433.amzn2.x86_64  
    python-perf-4.14.241-184.433.amzn2.x86_64  
    python-perf-debuginfo-4.14.241-184.433.amzn2.x86_64  
    kernel-tools-4.14.241-184.433.amzn2.x86_64  
    kernel-tools-devel-4.14.241-184.433.amzn2.x86_64  
    kernel-tools-debuginfo-4.14.241-184.433.amzn2.x86_64  
    kernel-devel-4.14.241-184.433.amzn2.x86_64  
    kernel-debuginfo-4.14.241-184.433.amzn2.x86_64  
    kernel-livepatch-4.14.241-184.433-1.0-0.amzn2.x86_64  

Additional References

Red Hat: CVE-2021-34556, CVE-2021-35477, CVE-2021-3655, CVE-2023-28772

Mitre: CVE-2021-34556, CVE-2021-35477, CVE-2021-3655, CVE-2023-28772