Amazon Linux AMI update for kernel



Published: 2021-01-26
Risk: High
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2019-19813, CVE-2019-19816, CVE-2020-27815, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661
CWE-ID: CWE-416, CWE-787, CWE-125, CWE-119, CWE-252, CWE-667
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
    Amazon Linux AMI (Operating systems & Components / Operating system)
    kernel (Operating systems & Components / Operating system package or component)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU34962

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19813

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.

Mitigation

Update the affected packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 4.14.214-118.339

External links

http://alas.aws.amazon.com/ALAS-2021-1477.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU34964

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19816

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

Mitigation

Update the affected packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 4.14.214-118.339

External links

http://alas.aws.amazon.com/ALAS-2021-1477.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU49169

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27815

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger an out-of-bounds read error and crash the kernel.

Mitigation

Update the affected packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 4.14.214-118.339

External links

http://alas.aws.amazon.com/ALAS-2021-1477.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU52772

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29568

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local authenticated user to crash the entire system.

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.

Mitigation

Update the affected packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 4.14.214-118.339

External links

http://alas.aws.amazon.com/ALAS-2021-1477.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU52771

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29568

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local authenticated user to crash the entire system.

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.

Mitigation

Update the affected packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 4.14.214-118.339

External links

http://alas.aws.amazon.com/ALAS-2021-1477.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Unchecked Return Value

EUVDB-ID: #VU56816

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29569

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to an unchecked return value. A local user can cause a denial of service (DoS) condition, leading to privilege escalation and information leaks.

Mitigation

Update the affected packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 4.14.214-118.339

External links

http://alas.aws.amazon.com/ALAS-2021-1477.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper locking

EUVDB-ID: #VU57039

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a double-locking error in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c. An authenticated local user can exploit this vulnerability to perform a read-after-free attack against TIOCGSID and gain access to sensitive information.

Mitigation

Update the affected packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 4.14.214-118.339

External links

http://alas.aws.amazon.com/ALAS-2021-1477.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper locking

EUVDB-ID: #VU51543

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. A local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.

Mitigation

Update the affected packages:

i686:
    kernel-headers-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686
    kernel-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-devel-4.14.214-118.339.amzn1.i686
    perf-debuginfo-4.14.214-118.339.amzn1.i686
    kernel-4.14.214-118.339.amzn1.i686
    perf-4.14.214-118.339.amzn1.i686
    kernel-tools-devel-4.14.214-118.339.amzn1.i686
    kernel-tools-4.14.214-118.339.amzn1.i686

src:
    kernel-4.14.214-118.339.amzn1.src

x86_64:
    kernel-tools-devel-4.14.214-118.339.amzn1.x86_64
    kernel-headers-4.14.214-118.339.amzn1.x86_64
    kernel-tools-4.14.214-118.339.amzn1.x86_64
    perf-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-devel-4.14.214-118.339.amzn1.x86_64
    kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64
    kernel-debuginfo-4.14.214-118.339.amzn1.x86_64
    perf-4.14.214-118.339.amzn1.x86_64
    kernel-4.14.214-118.339.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 4.14.214-118.339
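
The check below is an added example, not part of the bulletin or of Amazon's advisory: it classifies kernel release strings (as printed by `uname -r`) against the fixed build 4.14.214-118.339 that every entry in this bulletin names. The hostnames and releases in the sample inventory are constructed, and the parser assumes the `amzn1` naming pattern shown in the package lists.

```shell
#!/bin/sh
# Added example: classify kernel release strings against the fixed build.
FIXED="4.14.214-118.339"   # from the bulletin: "kernel: before 4.14.214-118.339"

# Turn "4.14.214-118.339.amzn1.x86_64" into "4 14 214 118 339".
numeric_fields() {
    printf '%s\n' "${1%%.amzn*}" | sed 's/[.-]/ /g'
}

# kernel_status RELEASE -> prints vulnerable | patched | unknown
kernel_status() {
    case "$1" in
        *.amzn1.*) ;;                  # bulletin covers Amazon Linux AMI (amzn1) only
        *) echo unknown; return 0 ;;
    esac
    have=$(numeric_fields "$1")
    i=1
    for w in $(numeric_fields "$FIXED"); do
        h=$(printf '%s\n' "$have" | cut -s -d' ' -f"$i")
        case "$h" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
        # Compare numerically: as strings, "9" would sort after "14".
        if [ "$h" -lt "$w" ]; then echo vulnerable; return 0; fi
        if [ "$h" -gt "$w" ]; then echo patched; return 0; fi
        i=$((i + 1))
    done
    echo patched                       # identical to the fixed build
}

# audit_inventory: read "host release" lines on stdin, print "host status".
audit_inventory() {
    while read -r host release; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(kernel_status "$release")"
    done
}

# Constructed sample inventory (hostnames and releases are made up).
sample_inventory() {
    cat <<'EOF'
web-01 4.14.209-117.337.amzn1.x86_64
web-02 4.14.214-118.339.amzn1.x86_64
db-01 4.14.214-117.340.amzn1.x86_64
batch-01 4.9.85-38.58.amzn1.x86_64
dev-01 4.14.214-160.339.amzn2.x86_64
EOF
}

sample_inventory | audit_inventory
# On a live host: kernel_status "$(uname -r)"
```

An updated kernel package only takes effect after a reboot, so checking `uname -r` rather than the installed RPM shows which build is actually running.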

External links

http://alas.aws.amazon.com/ALAS-2021-1477.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


