Fedora 33 update for kernel, kernel-headers, kernel-tools



Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2021-23134
CVE-2021-3490
CVE-2021-3489
CVE-2021-3491
CWE-ID CWE-416
CWE-787
CWE-125
Exploitation vector Local
Public exploit Vulnerability #2 is being exploited in the wild.
Vulnerable software
 Fedora
Operating systems & Components / Operating system

kernel-tools
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor Fedoraproject

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU63657

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-23134

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in nfc sockets in the Linux Kernel. A local user with the CAP_NET_RAW capability can trigger use-after-free and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 33

kernel-tools: before 5.11.20-200.fc33

kernel-headers: before 5.11.20-200.fc33

kernel: before 5.11.20-200.fc33

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2021-05152dbcf5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU55975

Risk: Low

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2021-3490

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in bpf. The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 33

kernel-tools: before 5.11.20-200.fc33

kernel-headers: before 5.11.20-200.fc33

kernel: before 5.11.20-200.fc33

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2021-05152dbcf5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Out-of-bounds read

EUVDB-ID: #VU90367

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3489

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the __bpf_ringbuf_reserve() function in kernel/bpf/ringbuf.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 33

kernel-tools: before 5.11.20-200.fc33

kernel-headers: before 5.11.20-200.fc33

kernel: before 5.11.20-200.fc33

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2021-05152dbcf5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU68301

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3491

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. A local user can trigger a heap overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 33

kernel-tools: before 5.11.20-200.fc33

kernel-headers: before 5.11.20-200.fc33

kernel: before 5.11.20-200.fc33

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2021-05152dbcf5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###