[ALAS2-2021-1636] Amazon Linux 2 2017.12 - ALAS2-2021-1636: medium priority package update for kernel
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2021-31829:
A flaw was found in the Linux kernel's eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all system memory. The highest threat from this vulnerability is to confidentiality.
1957788: CVE-2021-31829 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
CVE-2021-29155:
A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). In this flaw a local,
special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract contents of kernel memory via side-channel.
1951595: CVE-2021-29155 kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
CVE-2021-23133:
A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1948772: CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del
CVE-2020-29374:
An issue was discovered in the Linux kernel related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access.
1903249: CVE-2020-29374 kernel: the get_user_pages implementation when used for a copy-on-write page does not properly consider the semantics of read operations and therefore can grant unintended write access
- ID
- ALAS2-2021-1636
- Severity
- medium
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2021-1636.html
- Published
-
2021-05-20T15:51:00
(3 years ago) - Modified
-
2021-05-24T17:52:00
(3 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS-2021-1503
- ALSA-2021:4356
- ALSA-2024:4211
- ASB-A-174737879
- DSA-5096-1
- ELSA-2021-4356
- ELSA-2021-9306
- ELSA-2021-9307
- ELSA-2021-9349
- ELSA-2021-9351
- ELSA-2021-9362
- ELSA-2021-9363
- ELSA-2024-4211
- FEDORA-2021-5ad5249c43
- FEDORA-2021-7c085ca697
- FEDORA-2021-8cd093f639
- FEDORA-2021-9c0276e935
- FEDORA-2021-a963f04012
- FEDORA-2021-e6b4847979
- MS:CVE-2020-29374
- MS:CVE-2021-23133
- MS:CVE-2021-29155
- MS:CVE-2021-31829
- openSUSE-SU-2021:0393-1
- openSUSE-SU-2021:0716-1
- openSUSE-SU-2021:0873-1
- openSUSE-SU-2021:1975-1
- openSUSE-SU-2021:1977-1
- RHSA-2021:4140
- RHSA-2021:4356
- RHSA-2024:4211
- RHSA-2024:4352
- RLSA-2024:4211
- SSA:2022-031-01
- SUSE-SU-2021:0735-1
- SUSE-SU-2021:0736-1
- SUSE-SU-2021:0737-1
- SUSE-SU-2021:0738-1
- SUSE-SU-2021:0740-1
- SUSE-SU-2021:0741-1
- SUSE-SU-2021:1175-1
- SUSE-SU-2021:1176-1
- SUSE-SU-2021:1210-1
- SUSE-SU-2021:1571-1
- SUSE-SU-2021:1572-1
- SUSE-SU-2021:1573-1
- SUSE-SU-2021:1574-1
- SUSE-SU-2021:1595-1
- SUSE-SU-2021:1596-1
- SUSE-SU-2021:1605-1
- SUSE-SU-2021:1622-1
- SUSE-SU-2021:1624-1
- SUSE-SU-2021:1887-1
- SUSE-SU-2021:1891-1
- SUSE-SU-2021:1899-1
- SUSE-SU-2021:1912-1
- SUSE-SU-2021:1913-1
- SUSE-SU-2021:1915-1
- SUSE-SU-2021:1975-1
- SUSE-SU-2021:1977-1
- SUSE-SU-2021:2332-1
- SUSE-SU-2021:2344-1
- SUSE-SU-2021:2361-1
- SUSE-SU-2021:2366-1
- SUSE-SU-2021:2367-1
- SUSE-SU-2021:2377-1
- SUSE-SU-2021:2384-1
- SUSE-SU-2021:2387-1
- SUSE-SU-2021:2421-1
- SUSE-SU-2021:2453-1
- SUSE-SU-2021:2460-1
- SUSE-SU-2021:2577-1
- SUSE-SU-2024:0856-1
- SUSE-SU-2024:0857-1
- SUSE-SU-2024:0925-1
- SUSE-SU-2024:0926-1
- SUSE-SU-2024:0975-1
- SUSE-SU-2024:0976-1
- SUSE-SU-2024:1454-1
- SUSE-SU-2024:1465-1
- SUSE-SU-2024:1489-1
- SUSE-SU-2024:1643-1
- SUSE-SU-2024:1646-1
- SUSE-SU-2024:1648-1
- SUSE-SU-2024:1669-1
- SUSE-SU-2024:1870-1
- USN-4748-1
- USN-4749-1
- USN-4977-1
- USN-4983-1
- USN-4997-1
- USN-4997-2
- USN-4999-1
- USN-5000-1
- USN-5000-2
- USN-5001-1
- USN-5003-1
- USN-5018-1
- USN-6971-1
- USN-6976-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2020-29374 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374 | |
CVE | CVE-2021-23133 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133 | |
CVE | CVE-2021-29155 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29155 | |
CVE | CVE-2021-31829 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.232-176.381?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-livepatch-4.14.232-176.381 | < 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.232-176.381.amzn2 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.232-176.381.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-aarch64 | < 4.14.232-176.381.amzn2 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |