SB2021052418 - Amazon Linux AMI update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021052418

SB2021052418 - Amazon Linux AMI update for kernel

Published: May 24, 2021

Security Bulletin ID SB2021052418
Severity
High
Patch available
YES
Number of vulnerabilities 14
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 7% Low 93%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 14 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2020-25670)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can perform manipulation with an unknown input for the llcp_sock_bind() function to crash or escalate their privileges on the system.


2) Use-after-free (CVE-ID: CVE-2020-25671)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can trigger the llcp_sock_connect() function to crash or escalate their privileges on the system.


3) Memory leak (CVE-ID: CVE-2020-25672)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the NFC LLCP protocol implementation when triggering the llcp_sock_connect() function. A remote attacker can force the application to leak memory and perform denial of service attack.


4) Resource exhaustion (CVE-ID: CVE-2020-25673)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control consumption of internal resources in non-blocking socket in llcp_sock_connect() function. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.


5) Race condition (CVE-ID: CVE-2020-29374)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the mm/gup.c and mm/huge_memory.c in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information.


6) Race condition (CVE-ID: CVE-2021-23133)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Linux kernel SCTP sockets (net/sctp/socket.c). If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by a local user with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.


7) Improper Initialization (CVE-ID: CVE-2021-28688)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. A local user can perform a denial of service attack.


8) Race condition (CVE-ID: CVE-2021-28964)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a race condition in the get_old_root() function in fs/btrfs/ctree.c component in the Linux kernel. A local user can exploit the race and perform a denial of service attack.


9) Resource exhaustion (CVE-ID: CVE-2021-28971)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to mishandling of PEBS status in a PEBS record In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.


10) Command Injection (CVE-ID: CVE-2021-29154)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.


11) Out-of-bounds read (CVE-ID: CVE-2021-29155)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism. A local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory.


12) Information disclosure (CVE-ID: CVE-2021-31829)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Linux kernel's eBPF verification code. A local user can insert eBPF instructions, use the eBPF verifier to abuse a spectre-like flaw and infer all system memory.


13) Out-of-bounds write (CVE-ID: CVE-2021-31916)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module. A special user (CAP_SYS_ADMIN) can trigger a buffer overflow in the ioctl for listing devices and escalate privileges on the system.


14) Use-after-free (CVE-ID: CVE-2021-33033)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of the CIPSO and CALIPSO refcounting for the DOI definitions in cipso_v4_genopt(0 function in net/ipv4/cipso_ipv4.c in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with escalated privileges.


Remediation

Install update from vendor's website.

References