[ALAS2-2021-1627] Amazon Linux 2 2017.12 - ALAS2-2021-1627: important priority package update for kernel

Severity Important
Affected Packages 26
CVEs 15

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2021-3483:
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1948045: CVE-2021-3483 kernel: use-after-free in nosy driver in nosy_ioctl() in drivers/firewire/nosy.c when a device is added twice

CVE-2021-29647:
A flaw was found in the Linux kernel. This flaw allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure. The highest threat from this vulnerability is to confidentiality.
1945361: CVE-2021-29647 kernel: information disclosure due to uninitialized data structure in qrtr_recvmsg function in net/qrtr/qrtr.c

CVE-2021-29265:
A flaw was found in the Linux kernel. The usbip driver allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status. The highest threat from this vulnerability is to system availability.
1944695: CVE-2021-29265 kernel: race conditions in usbip_sockfd_store function in drivers/usb/usbip/stub_dev.c can lead to DoS

CVE-2021-29154:
A flaw was found in the Linux kernel's eBPF implementation. By default, the eBPF verifier is accessible only to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1946684: CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation

CVE-2021-28972:
A flaw was found in the Linux kernel's implementation of the RPA PCI Hotplug driver for PowerPC. A user with permissions to write to the sysfs settings for this driver can trigger a buffer overflow when writing a new device name to the driver from userspace, overwriting data in the kernel's stack.
1941781: CVE-2021-28972 kernel: Buffer overflow in hotplug/rpadlpar_sysfs.c

CVE-2021-28964:
A race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the Linux kernel's btrfs file system. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. The highest threat from this vulnerability is to system availability.
1941804: CVE-2021-28964 kernel: race condition in get_old_root function in fs/btrfs/ctree.c because of a lack of locking on an extent buffer before a cloning operation

CVE-2021-28688:

CVE-2021-28660:
A flaw was found in the Linux kernel. The rtw_wx_set_scan driver allows writing beyond the end of the ->ssid[] array. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
1940590: CVE-2021-28660 kernel: buffer overflow in rtw_wx_set_scan function in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c

CVE-2021-22555:
A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems. This flaw allows a local user to gain privileges or cause a DoS through a user namespace. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.
1980101: CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c

CVE-2020-27171:
A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is accessible only to privileged users with CAP_SYS_ADMIN. A flaw that triggers an integer underflow when restricting speculative pointer arithmetic allows unprivileged local users to leak the content of kernel memory. The highest threat from this vulnerability is to data confidentiality.
1940623: CVE-2020-27171 kernel: Integer underflow when restricting speculative pointer arithmetic

CVE-2020-25672:
No description is available for this CVE.

CVE-2020-25672 kernel: memory leak in llcp_sock_connect()

CVE-2020-25671:
No description is available for this CVE.

CVE-2020-25671 kernel: refcount leak in llcp_sock_connect()

CVE-2020-25670:
No description is available for this CVE.

CVE-2020-25670 kernel: refcount leak in llcp_sock_bind()

CVE-2019-7308:
A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
1672355: CVE-2019-7308 kernel: eBPF: Spectre v1 mitigation bypass

CVE-2019-19060:
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
1775035: CVE-2019-19060 kernel: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c allows for a DoS

Package Affected Version
pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-livepatch-4.14.231-173.360?arch=x86_64&distro=amazonlinux-2 < 1.0-0.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 < 4.14.231-173.360.amzn2
ID ALAS2-2021-1627
Severity important
URL https://alas.aws.amazon.com/AL2/ALAS-2021-1627.html
Published 2021-04-20T17:55:00
Modified 2021-07-15T23:24:00
Rights Amazon Linux Security Team