[ALAS2-2021-1685] Amazon Linux 2 2017.12 - ALAS2-2021-1685: important priority package update for kernel
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2021-3573:
A use-after-free flaw was found in the Linux kernel HCI subsystem in the way a user detaches a Bluetooth dongle or otherwise triggers an unregister Bluetooth device event. A local user could use this flaw to crash the system or escalate their privileges on the system.
1966578: CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl()
CVE-2021-3564:
A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system.
1964139: CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails
CVE-2021-33624:
A flaw was found in the Linux kernel's BPF subsystem, where protection against speculative execution attacks (Spectre mitigation) can be bypassed. The highest threat from this vulnerability is to confidentiality.
1974456: CVE-2021-33624 kernel: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory
CVE-2021-33034:
A use-after-free flaw was found in hci_send_acl in the Bluetooth host controller interface (HCI) in the Linux kernel, where a local attacker with access rights could cause a denial of service on the system. The issue results from the object hchan being freed in hci_disconn_loglink_complete_evt yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
1961305: CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
CVE-2021-32399:
A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1970807: CVE-2021-32399 kernel: race condition for removal of the HCI controller
CVE-2021-29650:
A denial-of-service (DoS) flaw was identified in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem.
1945388: CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
CVE-2021-0129:
A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity.
1965038: CVE-2021-0129 kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
CVE-2020-26558:
A vulnerability was found in BlueZ, where the Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack in which an active attacker can impersonate the initiating device without any previous knowledge.
1918602: CVE-2020-26558 bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack
- ID: ALAS2-2021-1685
- Severity: important
- URL: https://alas.aws.amazon.com/AL2/ALAS-2021-1685.html
- Published: 2021-07-14T20:35:00
- Modified: 2021-07-15T21:45:00
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALAS-2021-1516
- ALSA-2021:2570
- ALSA-2021:2714
- ALSA-2021:4356
- ALSA-2024:3618
- ALSA-2024:5101
- ASB-A-174886838
- DSA-4951-1
- ELSA-2021-2570
- ELSA-2021-2714
- ELSA-2021-2725
- ELSA-2021-3327
- ELSA-2021-4356
- ELSA-2021-4432
- ELSA-2021-9215
- ELSA-2021-9220
- ELSA-2021-9221
- ELSA-2021-9222
- ELSA-2021-9223
- ELSA-2021-9346
- ELSA-2021-9349
- ELSA-2021-9351
- ELSA-2021-9362
- ELSA-2021-9363
- ELSA-2021-9395
- ELSA-2021-9404
- ELSA-2021-9406
- ELSA-2021-9450
- ELSA-2021-9451
- ELSA-2021-9458
- ELSA-2021-9460
- ELSA-2021-9485
- ELSA-2021-9488
- ELSA-2021-9534
- ELSA-2022-0620
- ELSA-2022-9088
- ELSA-2022-9348
- ELSA-2022-9793
- ELSA-2024-12606
- ELSA-2024-3618
- ELSA-2024-5101
- FEDORA-2021-2306e89112
- FEDORA-2021-41fb54ae9f
- FEDORA-2021-6b0f287b8b
- FEDORA-2021-a35b44fd9f
- FEDORA-2021-bae582b42c
- FEDORA-2021-bc2a819bc5
- FEDORA-2021-db2bb87f35
- GLSA-202209-16
- MS:CVE-2020-26558
- MS:CVE-2021-29650
- MS:CVE-2021-32399
- MS:CVE-2021-33034
- MS:CVE-2021-33624
- MS:CVE-2021-3564
- openSUSE-SU-2021:0716-1
- openSUSE-SU-2021:0843-1
- openSUSE-SU-2021:0873-1
- openSUSE-SU-2021:0947-1
- openSUSE-SU-2021:1975-1
- openSUSE-SU-2021:1977-1
- openSUSE-SU-2021:2184-1
- openSUSE-SU-2021:2202-1
- openSUSE-SU-2021:2291-1
- openSUSE-SU-2021:2305-1
- openSUSE-SU-2021:2352-1
- openSUSE-SU-2021:2427-1
- openSUSE-SU-2022:0366-1
- RHSA-2021:2563
- RHSA-2021:2570
- RHSA-2021:2599
- RHSA-2021:2714
- RHSA-2021:2715
- RHSA-2021:2716
- RHSA-2021:2725
- RHSA-2021:2726
- RHSA-2021:2727
- RHSA-2021:3327
- RHSA-2021:3328
- RHSA-2021:3381
- RHSA-2021:4140
- RHSA-2021:4356
- RHSA-2021:4432
- RHSA-2022:0620
- RHSA-2022:0622
- RHSA-2024:3618
- RHSA-2024:3627
- RHSA-2024:5101
- RHSA-2024:5102
- RLSA-2021:2570
- RLSA-2021:2714
- RLSA-2021:4356
- RLSA-2024:3618
- RLSA-2024:5101
- SSA:2021-202-01
- SUSE-SU-2021:1571-1
- SUSE-SU-2021:1572-1
- SUSE-SU-2021:1573-1
- SUSE-SU-2021:1574-1
- SUSE-SU-2021:1595-1
- SUSE-SU-2021:1596-1
- SUSE-SU-2021:1605-1
- SUSE-SU-2021:1617-1
- SUSE-SU-2021:1622-1
- SUSE-SU-2021:1623-1
- SUSE-SU-2021:1624-1
- SUSE-SU-2021:1887-1
- SUSE-SU-2021:1888-1
- SUSE-SU-2021:1889-1
- SUSE-SU-2021:1890-1
- SUSE-SU-2021:1891-1
- SUSE-SU-2021:1899-1
- SUSE-SU-2021:1912-1
- SUSE-SU-2021:1913-1
- SUSE-SU-2021:1915-1
- SUSE-SU-2021:1975-1
- SUSE-SU-2021:1977-1
- SUSE-SU-2021:2020-1
- SUSE-SU-2021:2025-1
- SUSE-SU-2021:2026-1
- SUSE-SU-2021:2027-1
- SUSE-SU-2021:2042-1
- SUSE-SU-2021:2057-1
- SUSE-SU-2021:2060-1
- SUSE-SU-2021:2067-1
- SUSE-SU-2021:2184-1
- SUSE-SU-2021:2198-1
- SUSE-SU-2021:2202-1
- SUSE-SU-2021:2208-1
- SUSE-SU-2021:2291-1
- SUSE-SU-2021:2303-1
- SUSE-SU-2021:2305-1
- SUSE-SU-2021:2321-1
- SUSE-SU-2021:2324-1
- SUSE-SU-2021:2325-1
- SUSE-SU-2021:2349-1
- SUSE-SU-2021:2352-1
- SUSE-SU-2021:2406-1
- SUSE-SU-2021:2421-1
- SUSE-SU-2021:2422-1
- SUSE-SU-2021:2426-1
- SUSE-SU-2021:2427-1
- SUSE-SU-2021:2451-1
- SUSE-SU-2021:2577-1
- SUSE-SU-2021:3360-1
- SUSE-SU-2021:3361-1
- SUSE-SU-2021:3371-1
- SUSE-SU-2021:3374-1
- SUSE-SU-2021:3401-1
- SUSE-SU-2021:3440-1
- SUSE-SU-2021:3443-1
- SUSE-SU-2021:3459-1
- SUSE-SU-2022:0362-1
- SUSE-SU-2022:0364-1
- SUSE-SU-2022:0366-1
- SUSE-SU-2022:0367-1
- SUSE-SU-2022:0371-1
- SUSE-SU-2022:0372-1
- SUSE-SU-2022:0477-1
- SUSE-SU-2022:0555-1
- SUSE-SU-2022:3687-1
- SUSE-SU-2022:3691-1
- SUSE-SU-2023:2611-1
- SUSE-SU-2023:2651-1
- SUSE-SU-2024:0856-1
- SUSE-SU-2024:0857-1
- SUSE-SU-2024:0925-1
- SUSE-SU-2024:0926-1
- SUSE-SU-2024:0975-1
- SUSE-SU-2024:0976-1
- SUSE-SU-2024:1454-1
- SUSE-SU-2024:1465-1
- SUSE-SU-2024:1489-1
- SUSE-SU-2024:1642-1
- SUSE-SU-2024:1643-1
- SUSE-SU-2024:1645-1
- SUSE-SU-2024:1646-1
- SUSE-SU-2024:1648-1
- SUSE-SU-2024:1650-1
- SUSE-SU-2024:1870-1
- SUSE-SU-2024:1979-1
- SUSE-SU-2024:1983-1
- SUSE-SU-2024:2109-1
- SUSE-SU-2024:2115-1
- SUSE-SU-2024:2120-1
- SUSE-SU-2024:2121-1
- SUSE-SU-2024:2123-1
- SUSE-SU-2024:2124-1
- SUSE-SU-2024:2130-1
- SUSE-SU-2024:2139-1
- SUSE-SU-2024:2143-1
- SUSE-SU-2024:2145-1
- SUSE-SU-2024:2147-1
- SUSE-SU-2024:2148-1
- SUSE-SU-2024:2184-1
- SUSE-SU-2024:2202-1
- SUSE-SU-2024:2343-1
- SUSE-SU-2024:2344-1
- SUSE-SU-2024:2357-1
- SUSE-SU-2024:2373-1
- SUSE-SU-2024:2493-1
- SUSE-SU-2024:2558-1
- SUSE-SU-2024:2559-1
- SUSE-SU-2024:2561-1
- SUSE-SU-2024:2740-1
- SUSE-SU-2024:2755-1
- SUSE-SU-2024:2758-1
- SUSE-SU-2024:2773-1
- SUSE-SU-2024:2821-1
- SUSE-SU-2024:2822-1
- SUSE-SU-2024:2901-1
- SUSE-SU-2024:2923-1
- SUSE-SU-2024:2940-1
- SUSE-SU-2024:2948-1
- SUSE-SU-2024:3015-1
- SUSE-SU-2024:3034-1
- SUSE-SU-2024:3037-1
- SUSE-SU-2024:3043-1
- SUSE-SU-2024:3044-1
- SUSE-SU-2024:3048-1
- USN-4945-1
- USN-4945-2
- USN-4946-1
- USN-4947-1
- USN-4948-1
- USN-4949-1
- USN-4989-1
- USN-4989-2
- USN-4997-1
- USN-4997-2
- USN-5000-1
- USN-5000-2
- USN-5001-1
- USN-5015-1
- USN-5016-1
- USN-5017-1
- USN-5018-1
- USN-5044-1
- USN-5045-1
- USN-5046-1
- USN-5050-1
- USN-5091-1
- USN-5091-2
- USN-5092-1
- USN-5092-2
- USN-5115-1
- USN-5299-1
- USN-5343-1
- USN-6739-1
- USN-6778-1
- USN-6938-1
- USN-6976-1
- VU:799380
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2020-26558 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558 |
CVE | CVE-2021-0129 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129 |
CVE | CVE-2021-29650 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650 |
CVE | CVE-2021-32399 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399 |
CVE | CVE-2021-33034 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034 |
CVE | CVE-2021-33624 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33624 |
CVE | CVE-2021-3564 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564 |
CVE | CVE-2021-3573 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.238-182.421?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-livepatch-4.14.238-182.421 | < 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.238-182.421.amzn2 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.238-182.421.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-aarch64 | < 4.14.238-182.421.amzn2 | amazonlinux-2 | aarch64 |