kernel-3.10.0-1160.24.1.el7

エラータID: AXSA:2021-1662:07

Release date: 
Wednesday, April 14, 2021 - 18:29
Subject: 
kernel-3.10.0-1160.24.1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)
* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)
* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es):

* Customer testing eMMC sees and intermittent boot problem on 7.8+, was not
seen on 7.3
* tcm loopback driver causes double-start of scsi command when work is delayed

* [Azure]Mellanox Patches To Prevent Kernel Hang In MLX4
A patch from upstream c365c292d059 causes us to end up leaving rt_nr_boosted in
an inconsistent state, which causes a hard lockup.
* Add fix to update snd_wl1 in bulk receiver fast path

CVE(s):
CVE-2021-27363
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer
leak can be used to determine the address of the iscsi_transport structure. When
an iSCSI transport is registered with the iSCSI subsystem, the transport's
handle is available to unprivileged users via the sysfs file system, at
/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the
show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is
called, which leaks the handle. This handle is actually the pointer to an
iscsi_transport struct in the kernel module's global variables.
CVE-2021-27364
An issue was discovered in the Linux kernel through 5.11.3.
drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an
unprivileged user to craft Netlink messages.
CVE-2021-27365
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data
structures do not have appropriate length constraints or checks, and can exceed
the PAGE_SIZE value. An unprivileged user can send a Netlink message that is
associated with iSCSI, and has a length up to the maximum length of a Netlink
message.

Solution: 

Update packages.

CVEs: 
CVE-2021-27363
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
CVE-2021-27364
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
CVE-2021-27365
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-3.10.0-1160.24.1.el7.src.rpm
    MD5: e24bb9a3ebd73e00e194c89044108585
    SHA-256: 65704767de63e4f02540c879284fb6f47a551246ed7d7a1264cf94d1e690f8ad
    Size: 99.94 MB

Asianux Server 7 for x86_64
  1. bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: ff059508c41eb85d5b5537142c0d4ee6
    SHA-256: 44c407caffb91e5dcd1fdd739a089afed187913dbec762fde5dd71373f3aeb82
    Size: 8.47 MB
  2. kernel-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: 0769e8787af707063cd527ca85d91c1f
    SHA-256: 8c795346a1dd2c74ac95baf3cee8fe759f9c9c6864dc94ecf3d722bc7438d927
    Size: 50.32 MB
  3. kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
    MD5: 9fac8e58e8964e3703749c5dfde0baf5
    SHA-256: 67f7fb78881dbafa082a03d3cd5d01bcc397ce78c2c28853e2444645479520d9
    Size: 8.04 MB
  4. kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: ba3e18685565d4e2e643c0a59a88ea79
    SHA-256: b68123b98a0b1d46a1443eacec98638d5aac70090ec9680696bd6d7e429d73e1
    Size: 52.62 MB
  5. kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: e96e09efd0b31babbf4231d6e9c21fed
    SHA-256: a4d620dcd301ba3e4172654af5ec7437312787ab994638aafca33288bb6a7ed9
    Size: 18.02 MB
  6. kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: 1ac47b70be02b22007a89d89869be15a
    SHA-256: 20e7771a409bcd8f1078ce9682aa8c3d7535c7721a6f7e9992229f25638b1555
    Size: 17.95 MB
  7. kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm
    MD5: cd4ccd231126c7fe23a84cf97aaa1726
    SHA-256: 23a0b5bb68a6cf4e5a635a7046f7bb77dffb67326c056ffb78fb61819576afbc
    Size: 19.50 MB
  8. kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: b1b6ca1cb1d224d9963883613864f145
    SHA-256: 5f781f9f27544d8f016e586cbe601749611a0255a2804e92e04602b973fe3e85
    Size: 9.03 MB
  9. kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: 75b7f2a610d2c6e4ed6e7363ec2fcf3e
    SHA-256: 8892cf87f79e5164c487089b87f5a53407c7640bae0e12f527ff04668cb72dc3
    Size: 8.14 MB
  10. kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: cc691801107d8fbbf37b3280a59df779
    SHA-256: 37d87b798ba7374fe17b20297b02016c024853dc29bf499784d0f1fad68852de
    Size: 8.03 MB
  11. perf-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: 2cfd7f568db66e3f813391d1045fb18c
    SHA-256: e5fb735177614c56a2fe8b4c43c6f87bf15bc07c8719993bba686077c4c35965
    Size: 9.67 MB
  12. python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
    MD5: c9d60a6bd79593f3c5970ba2ac5fc7e9
    SHA-256: 3e0570cdff6e4ee3fed4b64ff9bea6cb9b39f6d887a5694fa542aeb19034f842
    Size: 8.13 MB