[ALAS2-2021-1685] Amazon Linux 2 2017.12 - ALAS2-2021-1685: important priority package update for kernel

Severity Important

Affected Packages 26

CVEs 32

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2021-3573:
A flaw use-after-free in the Linux kernel HCI subsystem was found in the way user detaches bluetooth dongle or other way triggers unregister bluetooth device event. A local user could use this flaw to crash the system or escalate their privileges on the system.
1966578: CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl()

CVE-2021-3564:
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system.
1964139: CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails

CVE-2021-33624:
A flaw was found in the Linux kernel's BPF subsystem, where protection against speculative execution attacks (Spectre mitigation) can be bypassed. The highest threat from this vulnerability is to confidentiality.
1974456: CVE-2021-33624 kernel: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory

CVE-2021-33034:
A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
1961305: CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan

CVE-2021-32399:
A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1970807: CVE-2021-32399 kernel: race condition for removal of the HCI controller

CVE-2021-29650:
A denial-of-service (DoS) flaw was identified in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem.
1945388: CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS

CVE-2021-0129:
A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity.
1965038: CVE-2021-0129 kernel: Improper access control in BlueZ may allow information disclosure vulnerability.

CVE-2020-26558:
A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge.
1918602: CVE-2020-26558 bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack

Package	Affected Version
pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-livepatch-4.14.238-182.421?arch=x86_64&distro=amazonlinux-2	< 1.0-0.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2	< 4.14.238-182.421.amzn2

ID

ALAS2-2021-1685

Severity

important

URL

https://alas.aws.amazon.com/AL2/ALAS-2021-1685.html

Published

2021-07-14T20:35:00
(3 years ago)

Modified

2021-07-15T21:45:00
(3 years ago)

Rights

Amazon Linux Security Team

Other Advisories

Source	# ID	URL
CVE	CVE-2020-26558	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558
CVE	CVE-2021-0129	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129
CVE	CVE-2021-29650	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650
CVE	CVE-2021-32399	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399
CVE	CVE-2021-33034	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034
CVE	CVE-2021-33624	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33624
CVE	CVE-2021-3564	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564
CVE	CVE-2021-3573	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2	amazonlinux	python-perf	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2	amazonlinux	python-perf	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	python-perf-debuginfo	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2	amazonlinux	python-perf-debuginfo	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2	amazonlinux	perf	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2	amazonlinux	perf	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	perf-debuginfo	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2	amazonlinux	perf-debuginfo	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-tools	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-tools	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-tools-devel	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-tools-devel	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-tools-debuginfo	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-tools-debuginfo	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-livepatch-4.14.238-182.421?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-livepatch-4.14.238-182.421	< 1.0-0.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-headers	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2	amazonlinux	kernel-headers	< 4.14.238-182.421.amzn2	amazonlinux-2	i686
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-headers	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-devel	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-devel	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-debuginfo	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-debuginfo	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-debuginfo-common-x86_64	< 4.14.238-182.421.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-debuginfo-common-aarch64	< 4.14.238-182.421.amzn2	amazonlinux-2	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date