[ALAS2-2020-1566] Amazon Linux 2 2017.12 - ALAS2-2020-1566: important priority package update for kernel
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2020-8694:
A flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data.
1828580: CVE-2020-8694 kernel: Insufficient access control vulnerability in PowerCap Framework
CVE-2020-28974:
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
1903126: CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon
CVE-2020-28941:
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
CVE-2020-28941 kernel: NULL pointer dereference in spk_ttyio_ldisc_close function in drivers/accessibility/speakup/spk_ttyio.c
CVE-2020-27777:
No description is available for this CVE.
1900844: CVE-2020-27777 kernel: powerpc: RTAS calls can be used to compromise kernel integrity
CVE-2020-27675:
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.
CVE-2020-27675 kernel: xen: race condition in event-channel removal during the event-handling loop (XSA-331)
CVE-2020-27673:
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
CVE-2020-27673 kernel: xen: guest OS users can cause a DoS via a high rate of events to dom0 (XSA-332)
CVE-2020-25704:
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
1895961: CVE-2020-25704 kernel: perf_event_parse_addr_filter memory
CVE-2020-25669:
No description is available for this CVE.
1892176: CVE-2020-25669 kernel: use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c
CVE-2020-25668:
No description is available for this CVE.
1893287: CVE-2020-25668 kernel: race condition in fg_console can lead to use-after-free in con_font_op
CVE-2020-25656:
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
1888726: CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl
CVE-2020-14351:
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
1862849: CVE-2020-14351 kernel: performance counters race condition use-after-free
CVE-2019-19770:
A use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability.
1786179: CVE-2019-19770 kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c
- ID
- ALAS2-2020-1566
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2020-1566.html
- Published
-
2020-12-08T20:55:00
(3 years ago) - Modified
-
2020-12-08T22:36:00
(3 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS-2021-1461
- ALPINE:CVE-2020-8694
- ALSA-2020:4431
- ALSA-2021:0558
- ALSA-2021:1578
- ALSA-2021:4356
- ALSA-2024:3138
- ASA-202011-10
- ELSA-2020-5913
- ELSA-2020-5914
- ELSA-2020-5917
- ELSA-2020-5923
- ELSA-2020-5924
- ELSA-2020-5926
- ELSA-2020-5995
- ELSA-2020-5996
- ELSA-2021-0558
- ELSA-2021-0856
- ELSA-2021-1578
- ELSA-2021-3327
- ELSA-2021-4356
- ELSA-2021-9001
- ELSA-2021-9002
- ELSA-2021-9006
- ELSA-2021-9007
- ELSA-2021-9009
- ELSA-2021-9043
- ELSA-2022-0063
- ELSA-2024-3138
- FEDORA-2020-09e4d062fe
- FEDORA-2020-4700a73bd5
- FEDORA-2020-474d747b60
- FEDORA-2020-8c15928d23
- FEDORA-2020-920a258c79
- FEDORA-2020-98ccae320c
- FEDORA-2020-e211716d08
- GLSA-202011-06
- MS:CVE-2020-14351
- MS:CVE-2020-25656
- MS:CVE-2020-25704
- MS:CVE-2020-27675
- MS:CVE-2020-27777
- MS:CVE-2020-28941
- MS:CVE-2020-28974
- openSUSE-SU-2020:0543-1
- openSUSE-SU-2020:1783-1
- openSUSE-SU-2020:1844-1
- openSUSE-SU-2020:1906-1
- openSUSE-SU-2020:2034-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2020:2161-1
- openSUSE-SU-2020:2193-1
- openSUSE-SU-2020:2260-1
- openSUSE-SU-2021:0060-1
- openSUSE-SU-2021:0075-1
- openSUSE-SU-2021:0242-1
- openSUSE-SU-2021:1975-1
- openSUSE-SU-2021:1977-1
- RHSA-2020:4431
- RHSA-2020:4609
- RHSA-2021:0537
- RHSA-2021:0558
- RHSA-2021:0856
- RHSA-2021:0857
- RHSA-2021:1578
- RHSA-2021:1739
- RHSA-2021:3327
- RHSA-2021:4356
- RHSA-2022:0063
- RHSA-2022:0065
- RHSA-2024:2950
- RHSA-2024:3138
- RLSA-2024:3138
- SUSE-SU-2020:1084-1
- SUSE-SU-2020:1085-1
- SUSE-SU-2020:1087-1
- SUSE-SU-2020:1118-1
- SUSE-SU-2020:1119-1
- SUSE-SU-2020:1123-1
- SUSE-SU-2020:1141-1
- SUSE-SU-2020:1142-1
- SUSE-SU-2020:1146-1
- SUSE-SU-2020:1663-1
- SUSE-SU-2020:3049-1
- SUSE-SU-2020:3050-1
- SUSE-SU-2020:3051-1
- SUSE-SU-2020:3052-1
- SUSE-SU-2020:3088-1
- SUSE-SU-2020:3122-1
- SUSE-SU-2020:3272-1
- SUSE-SU-2020:3273-1
- SUSE-SU-2020:3281-1
- SUSE-SU-2020:3326-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3491-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3507-1
- SUSE-SU-2020:3512-1
- SUSE-SU-2020:3513-1
- SUSE-SU-2020:3522-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- SUSE-SU-2020:3648-1
- SUSE-SU-2020:3651-1
- SUSE-SU-2020:3670-1
- SUSE-SU-2020:3690-1
- SUSE-SU-2020:3698-1
- SUSE-SU-2020:3713-1
- SUSE-SU-2020:3714-1
- SUSE-SU-2020:3715-1
- SUSE-SU-2020:3717-1
- SUSE-SU-2020:3718-1
- SUSE-SU-2020:3748-1
- SUSE-SU-2020:3764-1
- SUSE-SU-2020:3766-1
- SUSE-SU-2020:3798-1
- SUSE-SU-2021:0094-1
- SUSE-SU-2021:0095-1
- SUSE-SU-2021:0097-1
- SUSE-SU-2021:0098-1
- SUSE-SU-2021:0108-1
- SUSE-SU-2021:0117-1
- SUSE-SU-2021:0118-1
- SUSE-SU-2021:0133-1
- SUSE-SU-2021:0434-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0452-1
- SUSE-SU-2021:1176-1
- SUSE-SU-2021:1573-1
- SUSE-SU-2021:1596-1
- SUSE-SU-2021:1623-1
- SUSE-SU-2021:1624-1
- SUSE-SU-2021:1975-1
- SUSE-SU-2021:1977-1
- SUSE-SU-2023:4625-1
- SUSE-SU-2023:4936-1
- USN-4626-1
- USN-4627-1
- USN-4657-1
- USN-4658-1
- USN-4659-1
- USN-4660-1
- USN-4679-1
- USN-4680-1
- USN-4681-1
- USN-4683-1
- USN-4708-1
- USN-4709-1
- USN-4710-1
- USN-4711-1
- USN-4749-1
- USN-4750-1
- USN-4751-1
- USN-4752-1
- USN-4912-1
- XSA-331
- XSA-332
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2019-19770 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19770 | |
CVE | CVE-2020-14351 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351 | |
CVE | CVE-2020-25656 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25656 | |
CVE | CVE-2020-25668 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25668 | |
CVE | CVE-2020-25669 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25669 | |
CVE | CVE-2020-25704 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25704 | |
CVE | CVE-2020-27673 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27673 | |
CVE | CVE-2020-27675 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27675 | |
CVE | CVE-2020-27777 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27777 | |
CVE | CVE-2020-28941 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28941 | |
CVE | CVE-2020-28974 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28974 | |
CVE | CVE-2020-8694 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.209-160.335?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-livepatch-4.14.209-160.335 | < 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.209-160.335.amzn2 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.209-160.335.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-aarch64 | < 4.14.209-160.335.amzn2 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |