SB2021030571 - openEuler 20.03 LTS SP1 update for kernel
Published: March 5, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Path traversal (CVE-ID: CVE-2020-28374)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.
2) Buffer overflow (CVE-ID: CVE-2020-29568)
The vulnerability allows a local authenticated user to a crash the entire system.
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
3) Buffer overflow (CVE-ID: CVE-2020-29568)
The vulnerability allows a local authenticated user to a crash the entire system.
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
4) Out-of-bounds read (CVE-ID: CVE-2020-27068)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Kernel. A local application can gain unauthorized access to sensitive information on the system.
5) Use-after-free (CVE-ID: CVE-2020-27786)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the MIDI implementation in Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
6) Use-after-free (CVE-ID: CVE-2021-3347)
The vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists due to a use-after-free error when handling PI futexes. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.
7) Use-after-free (CVE-ID: CVE-2021-3348)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_add_socket in drivers/block/nbd.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
8) Input validation error (CVE-ID: CVE-2020-0423)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the Binder component in OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.
9) Buffer overflow (CVE-ID: CVE-2020-36158)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to buffer overflow error within the mwifiex_cmd_802_11_ad_hoc_start() function in drivers/net/wireless/marvell/mwifiex/join.c. A local privileged user can execute arbitrary code.
10) Improper access control (CVE-ID: CVE-2020-8694)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the Linux kernel driver. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
Affected products:
|
Product Collection |
Vertical Segment |
CPUID |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Mobile |
906EC |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906EC |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series |
Desktop |
906EB |
|
Intel® Xeon® Processor E Family |
Server Workstation AMT Server |
906EA |
|
8th Generation Intel® Core™ Processor Family |
Desktop |
906EA |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
9th Generation Intel® Core™ Processor Family |
Desktop |
906ED |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0660 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0661 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
806EC |
|
10th Generation Intel® Core™ Processor Family |
Desktop |
A0653 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0655 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
A0652 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A1 |
|
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
Desktop Mobile Embedded |
706A8 |
|
10th Generation Intel® Core™ Processor Family |
Mobile |
706E5 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile Embedded |
906E9 |
|
8th Generation Intel® Core™ Processor Family |
Mobile |
806EA |
|
7th Generation Intel® Core™ Processor Family |
Desktop Embedded |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
Intel® Core™ X-series Processors |
Desktop |
906E9 |
|
Intel® Xeon® Processor E3 v6 Family |
Server Workstation AMT Server |
906E9 |
|
7th Generation Intel® Core™ Processor Family |
Mobile |
806E9 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Desktop Embedded |
506E3 |
|
6th Generation Intel® Core™ Processors |
Mobile |
406E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
Intel® Xeon® Processor E3 v5 Family |
Server Workstation AMT Server |
506E3 |
|
6th Generation Intel® Core™ Processor Family |
Mobile |
406E3 |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EB |
|
8th Generation Intel® Core™ Processors |
Mobile |
806EC |
11) Information disclosure (CVE-ID: CVE-2020-4788)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in IBM Power9 processors due to unspecified error. A local user can obtain sensitive information from the data in the L1 cache under extenuating circumstances.
12) Resource management error (CVE-ID: CVE-2019-16089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to nbd_genl_status() function in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. A local user can run a specially crafted program to cause the kernel to crash.
13) Out-of-bounds write (CVE-ID: CVE-2020-0465)
The vulnerability allows an attacker with physical access to escalate privileges on the system.
The vulnerability exists due to an out of bounds write in various methods of hid-multitouch.c. An attacker with physical access can trigger out-of-bounds write and escalate privileges on the system.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0466)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unspecified error, related to I/O subsystem in kernel. A local user can elevated privileges on the system.
15) Out-of-bounds read (CVE-ID: CVE-2021-20177)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected.
Remediation
Install update from vendor's website.