SB2021072182 - Slackware Linux update for kernel
Published: July 21, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 32 secuirty vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2021-33909)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow during size_t-to-int conversion when creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB. An unprivileged local user can write up to 10-byte string to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.
Successful exploitation of vulnerability may allow an attacker to exploit the our-of-bounds write vulnerability to execute arbitrary code with root privileges.
2) Memory leak (CVE-ID: CVE-2019-19060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "adis_update_scan_mode()" function in d"rivers/iio/imu/adis_buffer.c" file. A local user can perform a denial of service attack.
3) Memory leak (CVE-ID: CVE-2019-19061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "adis_update_scan_mode_burst()" function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows a local user to cause a denial of service (memory consumption).
4) Out-of-bounds write (CVE-ID: CVE-2021-28660)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "rtw_wx_set_scan" in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c. A local user can trigger out-of-bounds write and execute arbitrary code on the target system.
5) Race condition (CVE-ID: CVE-2021-20261)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to a race condition within the set_fdc(), do_format(), user_reset_fdc(), set_geometry(), get_floppy_geometry(), fd_locked_ioctl(), floppy_check_events() and floppy_revalidate() functions in drivers/block/floppy.c. A local privileged user can execute arbitrary code.
6) Race condition (CVE-ID: CVE-2021-29265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the usbip_sockfd_store() function in drivers/usb/usbip/stub_dev.c. A local user can perform a denial of service (DoS) attack.
7) Null pointer dereference (CVE-ID: CVE-2019-16232)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
8) Race condition (CVE-ID: CVE-2021-28964)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a race condition in the get_old_root() function in fs/btrfs/ctree.c component in the Linux kernel. A local user can exploit the race and perform a denial of service attack.
9) Buffer overflow (CVE-ID: CVE-2021-28972)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the drivers/pci/hotplug/rpadlpar_sysfs.c. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Improper Initialization (CVE-ID: CVE-2021-28688)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. A local user can perform a denial of service attack.
11) Use-after-free (CVE-ID: CVE-2021-3483)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Nosy driver in the Linux kernel. A local user can trigger use-after-free and to escalate privileges on the system.
12) Command Injection (CVE-ID: CVE-2021-29154)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.
13) Out-of-bounds write (CVE-ID: CVE-2021-22555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
14) Memory leak (CVE-ID: CVE-2020-25672)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the NFC LLCP protocol implementation when triggering the llcp_sock_connect() function. A remote attacker can force the application to leak memory and perform denial of service attack.
15) Resource exhaustion (CVE-ID: CVE-2020-25673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control consumption of internal resources in non-blocking socket in llcp_sock_connect() function. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2020-25670)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can perform manipulation with an unknown input for the llcp_sock_bind() function to crash or escalate their privileges on the system.
17) Use-after-free (CVE-ID: CVE-2020-25671)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the NFC LLCP protocol implementation. A local user can trigger the llcp_sock_connect() function to crash or escalate their privileges on the system.
18) Use-after-free (CVE-ID: CVE-2021-33034)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in net/bluetooth/hci_event.c when destroying an hci_chan. A local user can escalate privileges on the system.
19) Privilege escalation (CVE-ID: CVE-2017-0605)
The vulnerability allows a local attacker to gain elevated privileges.The weakness exists due to a flaw in the kernel trace subsystem. A local attacker can run a specially crafted application and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
20) Out-of-bounds write (CVE-ID: CVE-2021-31916)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module. A special user (CAP_SYS_ADMIN) can trigger a buffer overflow in the ioctl for listing devices and escalate privileges on the system.
21) Security features bypass (CVE-ID: CVE-2020-26558)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.
Note: This vulnerability affects the following specifications:
- BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
- BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2
- LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2
22) Improper access control (CVE-ID: CVE-2021-0129)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker on the local network can bypass implemented security restrictions and enable information disclosure
23) Information disclosure (CVE-ID: CVE-2020-24587)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Wireless Networking. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
24) Input validation error (CVE-ID: CVE-2020-24586)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the 802.11 standard due to the affected device does not clear its cache/memory to remove fragments of an incomplete MSDU/MMPDU from previous session after reconnection/reassociation. A remote attacker on the local network can perform a fragment cache attack and perform a denial of service (DoS) attack.
25) Spoofing attack (CVE-ID: CVE-2020-24588)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
26) Input validation error (CVE-ID: CVE-2020-26139)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to forwarding EAPOL frames even though the sender is not yet authenticated. A remote attacker on the local network can cause a denial of service (DoS) condition on the target system.
27) Input validation error (CVE-ID: CVE-2020-26147)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. A remote attacker on the local network can inject packets and/or exfiltrate selected fragments
28) Buffer overflow (CVE-ID: CVE-2021-29650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.
29) Race condition (CVE-ID: CVE-2021-32399)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition for removal of the HCI controller within net/bluetooth/hci_request.c in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
30) Double Free (CVE-ID: CVE-2021-3564)
The vulnerability allows a local attacker to perform a denial of service attack.
The vulnerability exists due to bluetooth subsystem in the Linux kernel does not properly handle HCI device detach events. An attacker with physical access to the system can trigger double free error and perform a denial of service attack.
31) Use-after-free (CVE-ID: CVE-2021-3573)
The vulnerability allows local user to escalate their privileges on the system.
The vulnerability exists due to a use-after-free in hci_sock_bound_ioctl() function of the Linux kernel HCI subsystem triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user can use this flaw to crash the system or escalate privileges on the system.
32) Use of uninitialized resource (CVE-ID: CVE-2021-34693)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
Remediation
Install update from vendor's website.