AmazonALAS2-2021-1636Medium: kernel
Issue Overview:
An issue was discovered in the Linux kernel related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access. (CVE-2020-29374)
A use-after-free flaw was found in the Linux kernel’s SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-23133)
A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). In this flaw a local,
special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract contents of kernel memory via side-channel. (CVE-2021-29155)
A flaw was found in the Linux kernel’s eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all system memory. The highest threat from this vulnerability is to confidentiality. (CVE-2021-31829)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
New Packages:
aarch64:
kernel-4.14.232-176.381.amzn2.aarch64
kernel-headers-4.14.232-176.381.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.232-176.381.amzn2.aarch64
perf-4.14.232-176.381.amzn2.aarch64
perf-debuginfo-4.14.232-176.381.amzn2.aarch64
python-perf-4.14.232-176.381.amzn2.aarch64
python-perf-debuginfo-4.14.232-176.381.amzn2.aarch64
kernel-tools-4.14.232-176.381.amzn2.aarch64
kernel-tools-devel-4.14.232-176.381.amzn2.aarch64
kernel-tools-debuginfo-4.14.232-176.381.amzn2.aarch64
kernel-devel-4.14.232-176.381.amzn2.aarch64
kernel-debuginfo-4.14.232-176.381.amzn2.aarch64
i686:
kernel-headers-4.14.232-176.381.amzn2.i686
src:
kernel-4.14.232-176.381.amzn2.src
x86_64:
kernel-4.14.232-176.381.amzn2.x86_64
kernel-headers-4.14.232-176.381.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.232-176.381.amzn2.x86_64
perf-4.14.232-176.381.amzn2.x86_64
perf-debuginfo-4.14.232-176.381.amzn2.x86_64
python-perf-4.14.232-176.381.amzn2.x86_64
python-perf-debuginfo-4.14.232-176.381.amzn2.x86_64
kernel-tools-4.14.232-176.381.amzn2.x86_64
kernel-tools-devel-4.14.232-176.381.amzn2.x86_64
kernel-tools-debuginfo-4.14.232-176.381.amzn2.x86_64
kernel-devel-4.14.232-176.381.amzn2.x86_64
kernel-debuginfo-4.14.232-176.381.amzn2.x86_64
kernel-livepatch-4.14.232-176.381-1.0-0.amzn2.x86_64
Additional References
Red Hat: CVE-2020-29374, CVE-2021-23133, CVE-2021-29155, CVE-2021-31829
Mitre: CVE-2020-29374, CVE-2021-23133, CVE-2021-29155, CVE-2021-31829
Related
