Amazon Linux AMI update for kernel



Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2020-27825, CVE-2020-28374, CVE-2021-3347, CVE-2021-3348
CWE-ID: CWE-416, CWE-22
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
    Amazon Linux AMI (Operating systems & Components / Operating system)
    kernel (Operating systems & Components / Operating system package or component)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU48967

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27825

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in kernel/trace/ring_buffer.c in the Linux kernel, when trace_open and resize of cpu buffer are running in parallel on different CPUs. A local user can run a specially crafted application and perform a denial of service attack or read contents of kernel memory.

Mitigation

Update the affected packages:

i686:
    kernel-4.14.219-119.340.amzn1.i686
    kernel-tools-4.14.219-119.340.amzn1.i686
    kernel-tools-devel-4.14.219-119.340.amzn1.i686
    perf-4.14.219-119.340.amzn1.i686
    perf-debuginfo-4.14.219-119.340.amzn1.i686
    kernel-debuginfo-common-i686-4.14.219-119.340.amzn1.i686
    kernel-headers-4.14.219-119.340.amzn1.i686
    kernel-devel-4.14.219-119.340.amzn1.i686
    kernel-debuginfo-4.14.219-119.340.amzn1.i686
    kernel-tools-debuginfo-4.14.219-119.340.amzn1.i686

src:
    kernel-4.14.219-119.340.amzn1.src

x86_64:
    kernel-headers-4.14.219-119.340.amzn1.x86_64
    kernel-4.14.219-119.340.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.219-119.340.amzn1.x86_64
    kernel-tools-devel-4.14.219-119.340.amzn1.x86_64
    kernel-tools-4.14.219-119.340.amzn1.x86_64
    perf-4.14.219-119.340.amzn1.x86_64
    kernel-devel-4.14.219-119.340.amzn1.x86_64
    kernel-tools-debuginfo-4.14.219-119.340.amzn1.x86_64
    perf-debuginfo-4.14.219-119.340.amzn1.x86_64
    kernel-debuginfo-4.14.219-119.340.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: All versions

External links

https://alas.aws.amazon.com/ALAS-2021-1480.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU49914

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-28374

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to an iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.


Mitigation

Update the affected packages:

i686:
    kernel-4.14.219-119.340.amzn1.i686
    kernel-tools-4.14.219-119.340.amzn1.i686
    kernel-tools-devel-4.14.219-119.340.amzn1.i686
    perf-4.14.219-119.340.amzn1.i686
    perf-debuginfo-4.14.219-119.340.amzn1.i686
    kernel-debuginfo-common-i686-4.14.219-119.340.amzn1.i686
    kernel-headers-4.14.219-119.340.amzn1.i686
    kernel-devel-4.14.219-119.340.amzn1.i686
    kernel-debuginfo-4.14.219-119.340.amzn1.i686
    kernel-tools-debuginfo-4.14.219-119.340.amzn1.i686

src:
    kernel-4.14.219-119.340.amzn1.src

x86_64:
    kernel-headers-4.14.219-119.340.amzn1.x86_64
    kernel-4.14.219-119.340.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.219-119.340.amzn1.x86_64
    kernel-tools-devel-4.14.219-119.340.amzn1.x86_64
    kernel-tools-4.14.219-119.340.amzn1.x86_64
    perf-4.14.219-119.340.amzn1.x86_64
    kernel-devel-4.14.219-119.340.amzn1.x86_64
    kernel-tools-debuginfo-4.14.219-119.340.amzn1.x86_64
    perf-debuginfo-4.14.219-119.340.amzn1.x86_64
    kernel-debuginfo-4.14.219-119.340.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: All versions

External links

https://alas.aws.amazon.com/ALAS-2021-1480.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU52035

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3347

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error when handling PI futexes. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected packages:

i686:
    kernel-4.14.219-119.340.amzn1.i686
    kernel-tools-4.14.219-119.340.amzn1.i686
    kernel-tools-devel-4.14.219-119.340.amzn1.i686
    perf-4.14.219-119.340.amzn1.i686
    perf-debuginfo-4.14.219-119.340.amzn1.i686
    kernel-debuginfo-common-i686-4.14.219-119.340.amzn1.i686
    kernel-headers-4.14.219-119.340.amzn1.i686
    kernel-devel-4.14.219-119.340.amzn1.i686
    kernel-debuginfo-4.14.219-119.340.amzn1.i686
    kernel-tools-debuginfo-4.14.219-119.340.amzn1.i686

src:
    kernel-4.14.219-119.340.amzn1.src

x86_64:
    kernel-headers-4.14.219-119.340.amzn1.x86_64
    kernel-4.14.219-119.340.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.219-119.340.amzn1.x86_64
    kernel-tools-devel-4.14.219-119.340.amzn1.x86_64
    kernel-tools-4.14.219-119.340.amzn1.x86_64
    perf-4.14.219-119.340.amzn1.x86_64
    kernel-devel-4.14.219-119.340.amzn1.x86_64
    kernel-tools-debuginfo-4.14.219-119.340.amzn1.x86_64
    perf-debuginfo-4.14.219-119.340.amzn1.x86_64
    kernel-debuginfo-4.14.219-119.340.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: All versions

External links

https://alas.aws.amazon.com/ALAS-2021-1480.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU83433

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3348

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_add_socket() function in drivers/block/nbd.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected packages:

i686:
    kernel-4.14.219-119.340.amzn1.i686
    kernel-tools-4.14.219-119.340.amzn1.i686
    kernel-tools-devel-4.14.219-119.340.amzn1.i686
    perf-4.14.219-119.340.amzn1.i686
    perf-debuginfo-4.14.219-119.340.amzn1.i686
    kernel-debuginfo-common-i686-4.14.219-119.340.amzn1.i686
    kernel-headers-4.14.219-119.340.amzn1.i686
    kernel-devel-4.14.219-119.340.amzn1.i686
    kernel-debuginfo-4.14.219-119.340.amzn1.i686
    kernel-tools-debuginfo-4.14.219-119.340.amzn1.i686

src:
    kernel-4.14.219-119.340.amzn1.src

x86_64:
    kernel-headers-4.14.219-119.340.amzn1.x86_64
    kernel-4.14.219-119.340.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.219-119.340.amzn1.x86_64
    kernel-tools-devel-4.14.219-119.340.amzn1.x86_64
    kernel-tools-4.14.219-119.340.amzn1.x86_64
    perf-4.14.219-119.340.amzn1.x86_64
    kernel-devel-4.14.219-119.340.amzn1.x86_64
    kernel-tools-debuginfo-4.14.219-119.340.amzn1.x86_64
    perf-debuginfo-4.14.219-119.340.amzn1.x86_64
    kernel-debuginfo-4.14.219-119.340.amzn1.x86_64
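
To confirm on a host that the mitigation listed for all four CVEs is in effect, the script below compares the running kernel and the newest installed kernel package with the fixed build 4.14.219-119.340.amzn1. It is an added example, not part of the bulletin or of Amazon's tooling; the function names and the `--host` switch are assumptions, and GNU `sort -V` stands in for RPM's own version ordering.

```shell
#!/bin/sh
# Fixed kernel build named in this bulletin (ALAS-2021-1480).
FIXED_EVR="4.14.219-119.340.amzn1"

# Drop the architecture suffix that `uname -r` appends (".x86_64", ".i686").
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|i686)$//'
}

# version_ge A B: succeeds when A >= B in GNU version-sort order.
# Assumption: sort -V approximates RPM ordering well enough for
# version-release strings of the form used by Amazon Linux kernels.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING NEWEST_INSTALLED
# Prints one of:
#   patched          the running kernel is the fixed build or later
#   reboot-required  a fixed kernel is installed but an older one is running
#   update-required  no fixed kernel is installed
kernel_status() {
    running=$(strip_arch "$1")
    installed=$(strip_arch "$2")
    if version_ge "$running" "$FIXED_EVR"; then
        echo patched
    elif version_ge "$installed" "$FIXED_EVR"; then
        echo reboot-required
    else
        echo update-required
    fi
}

# Host check: ./script.sh --host
if [ "${1:-}" = "--host" ]; then
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel | sort -V | tail -n 1)
    kernel_status "$(uname -r)" "$newest"
fi
```

A `reboot-required` result means the updated package is on disk but the vulnerable kernel is still the one executing, so the host remains exposed until it boots into the new kernel.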

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: All versions

External links

https://alas.aws.amazon.com/ALAS-2021-1480.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


