Main Vulnerability Database SB2021072414

SB2021072414 - openEuler update for kernel

Published: July 24, 2021

Security Bulletin ID SB2021072414

Severity

Medium

Patch available

YES

Number of vulnerabilities 11

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2020-36385)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/infiniband/core/ucma.c, because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.

2) Out-of-bounds read (CVE-ID: CVE-2020-28097)

The vulnerability allows an attacker with physical access to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the Linux kernel’s implementation of the invert video code on VGA consoles. A local user with access to the VGA console can scroll the console, calling an ioctl TIOCL_SCROLLCONSOLE to crash the system, potentially reading random out-of-bound memory on the system.

3) Type Confusion (CVE-ID: CVE-2021-33624)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a type confusion error within kernel/bpf/verifier.c in the Linux kernel. A an unprivileged BPF program can read arbitrary memory locations via a side-channel attack.

4) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2021-35039)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper signature handling in the kernel/module.c in Linux kernel. If the kernel module is not signed, it still can be loaded into the system via init_module if module.sig_enforce=1 command-line argument is used. As a result, a local user can load unsigned and potentially malicious kernel modules.

5) Out-of-bounds write (CVE-ID: CVE-2021-22555)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

6) Use-after-free (CVE-ID: CVE-2021-3573)

The vulnerability allows local user to escalate their privileges on the system.

The vulnerability exists due to a use-after-free in hci_sock_bound_ioctl() function of the Linux kernel HCI subsystem triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user can use this flaw to crash the system or escalate privileges on the system.

7) Improper access control (CVE-ID: CVE-2021-0129)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote authenticated attacker on the local network can bypass implemented security restrictions and enable information disclosure

8) Use of uninitialized resource (CVE-ID: CVE-2021-34693)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

9) Use-after-free (CVE-ID: CVE-2020-36387)

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within thefs/io_uring.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

10) Race condition (CVE-ID: CVE-2021-3609)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the CAN BCM networking protocol (net/can/bcm.c) in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

11) Out-of-bounds read (CVE-ID: CVE-2021-3600)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to out-of-bounds read error within the fixup_bpf_calls() function in kernel/bpf/verifier.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1279

Vulnerable Software

openEuler: 20.03 LTS SP1 - 20.03 LTS SP2
kernel-tools-debuginfo: before 4.19.90-2107.4.0.0097
python2-perf-debuginfo: before 4.19.90-2107.4.0.0097
perf-debuginfo: before 4.19.90-2107.4.0.0097
kernel-tools: before 4.19.90-2107.4.0.0097
kernel-debuginfo: before 4.19.90-2107.4.0.0097
kernel-tools-devel: before 4.19.90-2107.4.0.0097
kernel-source: before 4.19.90-2107.4.0.0097
bpftool-debuginfo: before 4.19.90-2107.4.0.0097
python3-perf: before 4.19.90-2107.4.0.0097
bpftool: before 4.19.90-2107.4.0.0097
python3-perf-debuginfo: before 4.19.90-2107.4.0.0097
python2-perf: before 4.19.90-2107.4.0.0097
kernel-debugsource: before 4.19.90-2107.4.0.0097
perf: before 4.19.90-2107.4.0.0097
kernel-devel: before 4.19.90-2107.4.0.0097
kernel: before 4.19.90-2107.4.0.0097

SB2021072414 - openEuler update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human