SB2021101518 - openEuler update for kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2021-3669)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2021-3764)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak error in the ccp_run_aes_gcm_cmd() function in Linux kernel. A local user can trigger a memory leak error and perform a denial of service (DoS) attack.

3) Memory leak (CVE-ID: CVE-2021-3744)

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c. A local user can force the application to leak memory and perform denial of service attack.

4) Code Injection (CVE-ID: CVE-2021-38300)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the arch/mips/net/bpf_jit.c in the Linux kernel. A local user can send a specially crafted request and execute arbitrary code on the target system.

5) Use-after-free (CVE-ID: CVE-2021-3752)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel’s Bluetooth subsystem when a user calls connect to the socket and disconnect simultaneously. A local user can escalate privileges on the system.

6) Improper Initialization (CVE-ID: CVE-2021-20317)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization the Linux kernel. A corrupted timer tree causes the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. A local user can run a specially crafted application to crash the kernel.

7) Out-of-bounds write (CVE-ID: CVE-2021-41864)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.

8) Out-of-bounds write (CVE-ID: CVE-2021-42008)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the decode_data() function in drivers/net/hamradio/6pack.c in the Linux kernel. A local user can send input from a process that has the CAP_NET_ADMIN capability and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1379