SB2021020446 - openEuler update for kernel
Published: February 4, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2020-14351)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events cam corrupt memory and execute arbitrary code with elevated privileges.
2) NULL pointer dereference (CVE-ID: CVE-2020-27675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/xen/events/events_base.c. A malicious guest can trigger a dom0 crash by sending events for a paravirtualized device while simultaneously performing its reconfiguration.
3) Use-after-free (CVE-ID: CVE-2020-25656)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.
4) Improper access control (CVE-ID: CVE-2020-12352)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in BlueZ implementation in Linux kernel. A remote attacker on the local network can pass specially crafted input to the application and gain access to sensitive information.
5) Improper locking (CVE-ID: CVE-2020-29661)
The vulnerability allows a local user to perform a escalate privileges on the system.
The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.
6) Missing Authorization (CVE-ID: CVE-2020-27777)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way RTAS handles memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like user could use this flaw to further increase their privileges to that of a running kernel.
7) Improper locking (CVE-ID: CVE-2020-29660)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to double-locking error in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c. An authenticated local user can exploit this vulnerability to perform a read-after-free attack against TIOCGSID and gain access to sensitive information.
8) Unchecked Return Value (CVE-ID: CVE-2020-29569)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to an unchecked return value. A local user can cause a denial of service (DoS) condition, leading to privilege escalation and information leaks.
9) Out-of-bounds read (CVE-ID: CVE-2020-27815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger out-of-bounds read error and crash the kernel.
10) Null pointer dereference (CVE-ID: CVE-2020-27830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.
Remediation
Install update from vendor's website.