SB2021040786 - openEuler update for kernel

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Allocation of resources without limits or throttling (CVE-ID: CVE-2021-26931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling error within the scsiback_gnttab_data_map_batch() function in drivers/xen/xen-scsiback.c. A local user can perform a denial of service (DoS) attack.

2) Resource management error (CVE-ID: CVE-2021-26930)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when processing service requests to the PV backend within drivers/block/xen-blkback/blkback.c driver in Xen. A local user on the guest OS can perform a denial of service (DoS) attack.

3) Buffer overflow (CVE-ID: CVE-2021-26932)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the gntdev_map_grant_pages() function in drivers/xen/gntdev.c. A local user can perform a denial of service (DoS) attack.

4) Allocation of resources without limits or throttling (CVE-ID: CVE-2021-28038)

The vulnerability allows a local user to a crash the entire system.

The vulnerability exists due to allocation of resources without limits or throttling error within the xenvif_tx_action() function in drivers/net/xen-netback/netback.c. A local user can a crash the entire system.

5) Information disclosure (CVE-ID: CVE-2021-27363)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.

6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-27364)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.

7) Buffer overflow (CVE-ID: CVE-2021-27365)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1111