An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1475
Final
1.0
1.0
2021-12-31
Initial
2021-12-31
2021-12-31
openEuler SA Tool V1.0
2021-12-31
kernel security update
An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
The Linux Kernel, the operating system core itself.
Security Fix(es):
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel. (CVE-2021-0920)
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)
A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system. (CVE-2021-20321)
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174049066. References: Upstream kernel. (CVE-2021-39656)
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-160822094. References: Upstream kernel. (CVE-2021-39648)
The issue reported to the Linux security team allowed one to read and/or write up to 65kB of kernel memory past buffer boundaries by exploiting the lack of a limit on the USB control transfer request wLength in certain gadget functions. (CVE-2021-39685)
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. (CVE-2021-45095)
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with local privileges may cause a denial of service (DoS) due to a deadlock problem. (CVE-2021-4149)
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. (CVE-2020-25211)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4002
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-0920
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4037
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-20321
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-39656
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-39648
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-39685
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-45095
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4149
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-25211
https://nvd.nist.gov/vuln/detail/CVE-2021-4002
https://nvd.nist.gov/vuln/detail/CVE-2021-0920
https://nvd.nist.gov/vuln/detail/CVE-2021-4037
https://nvd.nist.gov/vuln/detail/CVE-2021-20321
https://nvd.nist.gov/vuln/detail/CVE-2021-39656
https://nvd.nist.gov/vuln/detail/CVE-2021-39648
https://nvd.nist.gov/vuln/detail/CVE-2021-39685
https://nvd.nist.gov/vuln/detail/CVE-2021-45095
https://nvd.nist.gov/vuln/detail/CVE-2021-4149
https://nvd.nist.gov/vuln/detail/CVE-2020-25211
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
kernel-debugsource-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
python3-perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
kernel-source-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
kernel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
kernel-devel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
kernel-tools-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
python2-perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
bpftool-4.19.90-2112.6.0.0130.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
kernel-source-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
kernel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
kernel-devel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
bpftool-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
kernel-tools-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
python2-perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
python3-perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm
kernel-4.19.90-2112.6.0.0130.oe1.src.rpm
kernel-4.19.90-2112.6.0.0129.oe1.src.rpm
kernel-tools-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
python2-perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
kernel-tools-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
kernel-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
kernel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
kernel-source-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
python3-perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
bpftool-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
kernel-devel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
kernel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
python2-perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
bpftool-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
python3-perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
kernel-tools-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
kernel-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
kernel-devel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
kernel-source-4.19.90-2112.6.0.0129.oe1.x86_64.rpm
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
2021-12-31
CVE-2021-4002
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
5.1
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel.
2021-12-31
CVE-2021-0920
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
High
7.4
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.
2021-12-31
CVE-2021-4037
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
4.4
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system.
2021-12-31
CVE-2021-20321
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174049066. References: Upstream kernel.
2021-12-31
CVE-2021-39656
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-160822094. References: Upstream kernel.
2021-12-31
CVE-2021-39648
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
4.1
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
The issue reported to the Linux security team allowed one to read and/or write up to 65kB of kernel memory past buffer boundaries by exploiting the lack of a limit on the USB control transfer request wLength in certain gadget functions.
2021-12-31
CVE-2021-39685
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
6.3
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
2021-12-31
CVE-2021-45095
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with local privileges may cause a denial of service (DoS) due to a deadlock problem.
2021-12-31
CVE-2021-4149
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
4.7
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
2021-12-31
CVE-2020-25211
openEuler-20.03-LTS-SP1
Medium
6.0
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
kernel security update
2021-12-31
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475