[ALAS-2021-1487] Amazon Linux AMI 2014.03 - ALAS-2021-1487: important priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2021-28038:
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
CVE-2021-27365:
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
1930078: CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
CVE-2021-27364:
A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability.
1930080: CVE-2021-27364 kernel: out-of-bounds read in libiscsi module
CVE-2021-27363:
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system.
1930079: CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
CVE-2021-26932:
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
CVE-2021-26931:
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
CVE-2021-26930:
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
- ID
- ALAS-2021-1487
- Severity
- important
- URL
- https://alas.aws.amazon.com/ALAS-2021-1487.html
- Published
-
2021-03-18T17:29:00
(3 years ago) - Modified
-
2021-03-19T23:18:00
(3 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS2-2021-1616
-
ALSA-2021:1093
-
ELSA-2021-1071
-
ELSA-2021-1093
-
ELSA-2021-9051
-
ELSA-2021-9052
-
ELSA-2021-9053
-
ELSA-2021-9057
-
ELSA-2021-9058
-
ELSA-2021-9067
-
ELSA-2021-9068
-
ELSA-2021-9079
-
ELSA-2021-9085
-
ELSA-2021-9086
-
ELSA-2021-9112
-
ELSA-2021-9113
-
ELSA-2021-9114
-
ELSA-2021-9115
-
ELSA-2021-9116
-
ELSA-2021-9135
-
ELSA-2021-9136
-
ELSA-2021-9140
-
ELSA-2021-9141
-
ELSA-2021-9164
-
ELSA-2021-9172
-
ELSA-2021-9175
-
ELSA-2021-9212
-
ELSA-2021-9215
-
ELSA-2021-9220
-
ELSA-2021-9221
-
FEDORA-2021-7143aca8cb
-
FEDORA-2021-8d45d297c6
-
FREEBSD:5B8C6E1E-770F-11EB-B87A-901B0EF719AB
-
MS:CVE-2021-26930
-
MS:CVE-2021-26931
-
MS:CVE-2021-26932
-
MS:CVE-2021-27363
-
MS:CVE-2021-27364
-
MS:CVE-2021-27365
-
openSUSE-SU-2021:0393-1
-
openSUSE-SU-2021:0532-1
-
openSUSE-SU-2021:0758-1
-
openSUSE-SU-2021:1975-1
-
openSUSE-SU-2021:1977-1
-
RHSA-2021:1069
-
RHSA-2021:1070
-
RHSA-2021:1071
-
RHSA-2021:1081
-
RHSA-2021:1093
-
SSA:2021-072-01
-
SUSE-SU-2021:0735-1
-
SUSE-SU-2021:0736-1
-
SUSE-SU-2021:0737-1
-
SUSE-SU-2021:0738-1
-
SUSE-SU-2021:0740-1
-
SUSE-SU-2021:0741-1
-
SUSE-SU-2021:0743-1
-
SUSE-SU-2021:0744-1
-
SUSE-SU-2021:1046-1
-
SUSE-SU-2021:1074-1
-
SUSE-SU-2021:1075-1
-
SUSE-SU-2021:1145-1
-
SUSE-SU-2021:1148-1
-
SUSE-SU-2021:1175-1
-
SUSE-SU-2021:1176-1
-
SUSE-SU-2021:1177-1
-
SUSE-SU-2021:1210-1
-
SUSE-SU-2021:1211-1
-
SUSE-SU-2021:1238-1
-
SUSE-SU-2021:1344-1
-
SUSE-SU-2021:1365-1
-
SUSE-SU-2021:1373-1
-
SUSE-SU-2021:1573-1
-
SUSE-SU-2021:1596-1
-
SUSE-SU-2021:1617-1
-
SUSE-SU-2021:1623-1
-
SUSE-SU-2021:1624-1
-
SUSE-SU-2021:1625-1
-
SUSE-SU-2021:1975-1
-
SUSE-SU-2021:1977-1
-
SUSE-SU-2021:2577-1
-
USN-4883-1
-
USN-4887-1
-
USN-4889-1
-
USN-4901-1
-
USN-4904-1
-
USN-4909-1
-
USN-4911-1
-
USN-4945-1
-
USN-4945-2
-
USN-4946-1
-
USN-4949-1
-
USN-4984-1
-
XSA-361
-
XSA-362
-
XSA-365
-
XSA-367
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2021-26930 |
|
|
| CVE | CVE-2021-26931 |
|
|
| CVE | CVE-2021-26932 |
|
|
| CVE | CVE-2021-27363 |
|
|
| CVE | CVE-2021-27364 |
|
|
| CVE | CVE-2021-27365 |
|
|
| CVE | CVE-2021-28038 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 perf
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 4.14.225-121.357.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |