Lucene search

K
centosCentOS ProjectCESA-2021:3801
HistoryNov 17, 2021 - 3:22 p.m.

bpftool, kernel, perf, python security update

2021-11-1715:22:13
CentOS Project
lists.centos.org
173

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.7 High

CVSS4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L

0.001 Low

EPSS

Percentile

40.5%

CentOS Errata and Security Advisory CESA-2021:3801

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

  • kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

  • kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  • kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Kernel panic due to double fault with DLM reporting for socket error “sk_err=32/0” (BZ#1834878)

  • “MFW indication via attention” message getting logged frequently after every 5 minutes (BZ#1854544)

  • lpfc fails to discovery in pt2pt with “2754 PRLI failure DID:0000EF Status:x9/x91e00, data: x0” (BZ#1922479)

  • pcpu_get_vm_areas using most memory from VmallocUsed (BZ#1970618)

  • RHEL 7.9.z [qedf driver] Racing condition between qedf_cleanup_fcport and releasing command after timeout (BZ#1982702)

  • [Azure] RHEL 7.9 reports GPU/IB topology incorrectly on some Azure SKUs (BZ#1984128)

  • [stable guest ABI]Hot add CPU after migration cause guest hang (BZ#1991856)

  • i40e driver crash at RIP: i40e_config_vf_promiscuous_mode+0x165 (BZ#1993850)

  • [nfs] Performance issue since commit 5a4f6f11951e (BZ#1995649)

  • [kernel] Indefinite waiting for RCU callback while removing cgroup (BZ#2000973)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-November/086189.html

Affected packages:
bpftool
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2021:3801

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.7 High

CVSS4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L

0.001 Low

EPSS

Percentile

40.5%