openEuler update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2021-34556
CVE-2021-35477
CVE-2021-21781
CWE-ID CWE-200
CWE-203
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU64203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-34556

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP2

python3-perf: before 4.19.90-2108.8.0.0106

kernel-source: before 4.19.90-2108.8.0.0106

perf: before 4.19.90-2108.8.0.0106

bpftool-debuginfo: before 4.19.90-2108.8.0.0106

kernel-tools-debuginfo: before 4.19.90-2108.8.0.0106

kernel-tools-devel: before 4.19.90-2108.8.0.0106

kernel-devel: before 4.19.90-2108.8.0.0106

bpftool: before 4.19.90-2108.8.0.0106

python2-perf: before 4.19.90-2108.8.0.0106

kernel-tools: before 4.19.90-2108.8.0.0106

python2-perf-debuginfo: before 4.19.90-2108.8.0.0106

python3-perf-debuginfo: before 4.19.90-2108.8.0.0106

perf-debuginfo: before 4.19.90-2108.8.0.0106

kernel-debuginfo: before 4.19.90-2108.8.0.0106

kernel-debugsource: before 4.19.90-2108.8.0.0106

kernel: before 4.19.90-2108.8.0.0106

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Observable discrepancy

EUVDB-ID: #VU92412

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-35477

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to observable discrepancy error. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP2

python3-perf: before 4.19.90-2108.8.0.0106

kernel-source: before 4.19.90-2108.8.0.0106

perf: before 4.19.90-2108.8.0.0106

bpftool-debuginfo: before 4.19.90-2108.8.0.0106

kernel-tools-debuginfo: before 4.19.90-2108.8.0.0106

kernel-tools-devel: before 4.19.90-2108.8.0.0106

kernel-devel: before 4.19.90-2108.8.0.0106

bpftool: before 4.19.90-2108.8.0.0106

python2-perf: before 4.19.90-2108.8.0.0106

kernel-tools: before 4.19.90-2108.8.0.0106

python2-perf-debuginfo: before 4.19.90-2108.8.0.0106

python3-perf-debuginfo: before 4.19.90-2108.8.0.0106

perf-debuginfo: before 4.19.90-2108.8.0.0106

kernel-debuginfo: before 4.19.90-2108.8.0.0106

kernel-debugsource: before 4.19.90-2108.8.0.0106

kernel: before 4.19.90-2108.8.0.0106

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU54395

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-21781

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the ARM SIGPAGE functionality. A userland application can read the contents of the sigpage, which can leak kernel memory contents.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP2

python3-perf: before 4.19.90-2108.8.0.0106

kernel-source: before 4.19.90-2108.8.0.0106

perf: before 4.19.90-2108.8.0.0106

bpftool-debuginfo: before 4.19.90-2108.8.0.0106

kernel-tools-debuginfo: before 4.19.90-2108.8.0.0106

kernel-tools-devel: before 4.19.90-2108.8.0.0106

kernel-devel: before 4.19.90-2108.8.0.0106

bpftool: before 4.19.90-2108.8.0.0106

python2-perf: before 4.19.90-2108.8.0.0106

kernel-tools: before 4.19.90-2108.8.0.0106

python2-perf-debuginfo: before 4.19.90-2108.8.0.0106

python3-perf-debuginfo: before 4.19.90-2108.8.0.0106

perf-debuginfo: before 4.19.90-2108.8.0.0106

kernel-debuginfo: before 4.19.90-2108.8.0.0106

kernel-debugsource: before 4.19.90-2108.8.0.0106

kernel: before 4.19.90-2108.8.0.0106

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###