SB2021012641 - Amazon Linux AMI update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021012641

SB2021012641 - Amazon Linux AMI update for kernel

Published: January 26, 2021 Updated: August 9, 2024

Security Bulletin ID SB2021012641
Severity
High
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 13% Medium 13% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2019-19813)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.


2) Out-of-bounds write (CVE-ID: CVE-2019-19816)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.


3) Out-of-bounds read (CVE-ID: CVE-2020-27815)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger out-of-bounds read error and crash the kernel.


4) Buffer overflow (CVE-ID: CVE-2020-29568)

The vulnerability allows a local authenticated user to a crash the entire system.

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.


5) Buffer overflow (CVE-ID: CVE-2020-29568)

The vulnerability allows a local authenticated user to a crash the entire system.

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.


6) Unchecked Return Value (CVE-ID: CVE-2020-29569)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to an unchecked return value. A local user can cause a denial of service (DoS) condition, leading to privilege escalation and information leaks.


7) Improper locking (CVE-ID: CVE-2020-29660)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to double-locking error in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c. An authenticated local user can exploit this vulnerability to perform a read-after-free attack against TIOCGSID and gain access to sensitive information.


8) Improper locking (CVE-ID: CVE-2020-29661)

The vulnerability allows a local user to perform a escalate privileges on the system.

The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.


Remediation

Install update from vendor's website.

References