alsa-2021:3057
Vulnerability from osv_almalinux
Published
2021-08-10 11:56
Modified
2021-08-11 08:54
Summary
Important: kernel security, bug fix, and enhancement update
Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)

  • kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

  • kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Urgent: Missing dptf_power.ko module in AlmaLinux8 (BZ#1968381)

  • [mlx5] kdump over NFS fails: mlx5 driver gives error "Stop room 95 is bigger than the SQ size 64" (BZ#1969909)

  • BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 in bluetooth hci_error_reset on intel-tigerlake-h01 (BZ#1972564)

  • Update CIFS to kernel 5.10 (BZ#1973637)

  • Backport "tick/nohz: Conditionally restart tick on idle exit" to AlmaLinux 8.5 (BZ#1978710)

  • Significant performance drop starting on kernel-4.18.0-277 visible on mmap benchmark (BZ#1980314)

  • Inaccessible NFS server overloads clients (native_queued_spin_lock_slowpath connotation?) (BZ#1980613)

  • [AlmaLinux8.4 BUG],RialtoMLK, I915 graphic driver failed to boot with one new 120HZ panel (BZ#1981250)

  • act_ct: subject to DNAT tuple collision (BZ#1982494)

Enhancement(s):

  • [Lenovo 8.5 FEAT] drivers/nvme - Update to the latest upstream (BZ#1965415)
References
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-305.12.1.el8_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)\n\n* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)\n\n* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Urgent: Missing dptf_power.ko module in AlmaLinux8 (BZ#1968381)\n\n* [mlx5] kdump over NFS fails: mlx5 driver gives error \"Stop room 95 is bigger than the SQ size 64\" (BZ#1969909)\n\n* BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 in bluetooth  hci_error_reset on intel-tigerlake-h01 (BZ#1972564)\n\n* Update CIFS to kernel 5.10 (BZ#1973637)\n\n* Backport \"tick/nohz: Conditionally restart tick on idle exit\" to AlmaLinux 8.5 (BZ#1978710)\n\n* Significant performance drop starting on kernel-4.18.0-277 visible on mmap benchmark (BZ#1980314)\n\n* Inaccessible NFS server overloads clients (native_queued_spin_lock_slowpath connotation?) (BZ#1980613)\n\n* [AlmaLinux8.4 BUG],RialtoMLK, I915 graphic driver failed to boot with one new 120HZ panel (BZ#1981250)\n\n* act_ct: subject to DNAT tuple collision (BZ#1982494)\n\nEnhancement(s):\n\n* [Lenovo 8.5 FEAT] drivers/nvme - Update to the latest upstream (BZ#1965415)",
  "id": "ALSA-2021:3057",
  "modified": "2021-08-11T08:54:00Z",
  "published": "2021-08-10T11:56:07Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22543"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22555"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3609"
    }
  ],
  "related": [
    "CVE-2021-3609",
    "CVE-2021-22543",
    "CVE-2021-22555"
  ],
  "summary": "Important: kernel security, bug fix, and enhancement update"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.