Amazon Linux AMI update for kernel

1) Stack-based buffer overflow

EUVDB-ID: #VU27309

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10942

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the get_raw_socket() function in drivers/vhost/net.c due to lack of validation of the sk_family field. A local user can perform a specially crafted system call, trigger stack overflow and crash the kernel.

Mitigation

Update the affected packages:

i686:
    kernel-tools-devel-4.14.173-106.229.amzn1.i686
    kernel-4.14.173-106.229.amzn1.i686
    kernel-headers-4.14.173-106.229.amzn1.i686
    perf-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-devel-4.14.173-106.229.amzn1.i686
    perf-4.14.173-106.229.amzn1.i686
    kernel-debuginfo-common-i686-4.14.173-106.229.amzn1.i686
    kernel-tools-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-tools-4.14.173-106.229.amzn1.i686

src:
    kernel-4.14.173-106.229.amzn1.src

x86_64:
    kernel-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-4.14.173-106.229.amzn1.x86_64
    kernel-tools-4.14.173-106.229.amzn1.x86_64
    perf-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.173-106.229.amzn1.x86_64
    kernel-headers-4.14.173-106.229.amzn1.x86_64
    perf-4.14.173-106.229.amzn1.x86_64
    kernel-tools-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-devel-4.14.173-106.229.amzn1.x86_64
    kernel-tools-devel-4.14.173-106.229.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2020-1360.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU25814

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2732

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incomplete implementation of vmx_check_intercept on Intel processors in KVM in Linux kernel, which leads to  I/O or MSR interception bitmaps are not checked. A remote attacker with access to guest operating system (e.g. L2 guest) can trick the L0 hypervisor into accessing sensitive information on the L1 hypervisor.

Mitigation

Update the affected packages:

i686:
    kernel-tools-devel-4.14.173-106.229.amzn1.i686
    kernel-4.14.173-106.229.amzn1.i686
    kernel-headers-4.14.173-106.229.amzn1.i686
    perf-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-devel-4.14.173-106.229.amzn1.i686
    perf-4.14.173-106.229.amzn1.i686
    kernel-debuginfo-common-i686-4.14.173-106.229.amzn1.i686
    kernel-tools-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-tools-4.14.173-106.229.amzn1.i686

src:
    kernel-4.14.173-106.229.amzn1.src

x86_64:
    kernel-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-4.14.173-106.229.amzn1.x86_64
    kernel-tools-4.14.173-106.229.amzn1.x86_64
    perf-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.173-106.229.amzn1.x86_64
    kernel-headers-4.14.173-106.229.amzn1.x86_64
    perf-4.14.173-106.229.amzn1.x86_64
    kernel-tools-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-devel-4.14.173-106.229.amzn1.x86_64
    kernel-tools-devel-4.14.173-106.229.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2020-1360.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU28416

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8648

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

Mitigation

Update the affected packages:

i686:
    kernel-tools-devel-4.14.173-106.229.amzn1.i686
    kernel-4.14.173-106.229.amzn1.i686
    kernel-headers-4.14.173-106.229.amzn1.i686
    perf-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-devel-4.14.173-106.229.amzn1.i686
    perf-4.14.173-106.229.amzn1.i686
    kernel-debuginfo-common-i686-4.14.173-106.229.amzn1.i686
    kernel-tools-debuginfo-4.14.173-106.229.amzn1.i686
    kernel-tools-4.14.173-106.229.amzn1.i686

src:
    kernel-4.14.173-106.229.amzn1.src

x86_64:
    kernel-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-4.14.173-106.229.amzn1.x86_64
    kernel-tools-4.14.173-106.229.amzn1.x86_64
    perf-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.173-106.229.amzn1.x86_64
    kernel-headers-4.14.173-106.229.amzn1.x86_64
    perf-4.14.173-106.229.amzn1.x86_64
    kernel-tools-debuginfo-4.14.173-106.229.amzn1.x86_64
    kernel-devel-4.14.173-106.229.amzn1.x86_64
    kernel-tools-devel-4.14.173-106.229.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2020-1360.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.