kernel-3.10.0-1160.59.1.el7
エラータID: AXSA:2022-3092:04
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)
kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
kernel: out of bounds write in hid-multitouch.c may lead to escalation of privilege (CVE-2020-0465)
kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)
kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
kernel: possible use-after-free in bluetooth module (CVE-2021-3752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Kernel with enabled BERT does not decode CPU fatal events correctly
Call trace seen during controller random reset on IB config
Infinite loop in blk_set_queue_dying() from blk_queue_for_each_rl() when another CPU races and modifies the queue's blkg_list
NFS client kernel crash in NFS4 backchannel transmit path - ftrace_raw_event_rpc_task_queued called from rpc_run_bc_task
SELinux is preventing / from mount access on the filesystem /proc
CVE(s):
CVE-2020-0466
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel
CVE-2021-0920
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
CVE-2021-4155
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-0330
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22942
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-0465
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel
CVE-2021-3564
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
CVE-2021-3573
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Update packages.
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
N/A
SRPMS
- kernel-3.10.0-1160.59.1.el7.src.rpm
MD5: ff75b7bb4b728da90e03938538a7c3c4
SHA-256: e723cfdc89a6e2a70684622a587117071ed031d62df8bd3d3234268d4e5d949d
Size: 98.73 MB
Asianux Server 7 for x86_64
- bpftool-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: e3b63891c6e5e6ec6d17f51abe7dd1be
SHA-256: 7e57e2befee1673f0447fe7ac84182cae2ce393c9bdad4981232fdc43d39f491
Size: 8.49 MB - kernel-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: ba76d064d2444a516b98aa3edd44ef03
SHA-256: 6f5e07aaaf0b0d04affb9b6326c9247118fcdcb70525cc7953f576faacb3dfe6
Size: 50.35 MB - kernel-debug-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: 75604529f312dee85fd6a662dd42233c
SHA-256: 3f01c09b3c172ce793a6b4e2b3cf0e6fc8cf2a574bac353982543b144aa27c80
Size: 52.65 MB - kernel-debug-devel-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: 472dc8f2433c932bbcad1785e56020cf
SHA-256: 1064cd3822efa307b29044ecc2558c2259f1b0b4d2a5ab55856cc963c1dd0c8a
Size: 18.05 MB - kernel-devel-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: 303cb1ded29edf14f03eddb4dd6d4879
SHA-256: c4f8a801ae425c3fbaf44474c0f194bf4e297a551380ed82c0f093acacb5a067
Size: 17.98 MB - kernel-doc-3.10.0-1160.59.1.el7.noarch.rpm
MD5: 8684160b6f4073434606a287d6992cab
SHA-256: c712af94f9a9bb6ecdb871073fee6e3cf6fba85374eb9f0b46636b8a4f4cab9b
Size: 19.52 MB - kernel-headers-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: 2bcf2f9d1513acb62b59ac78608611c9
SHA-256: 668b451d7a1211434c33df1b662a45b51395c3458aaa83054b49899ae7e1178c
Size: 9.05 MB - kernel-tools-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: 39a4cd07e10dc1c689595511b3f9c94f
SHA-256: 7ef0bf7787c103ba30e14036f4fcb6989f7fc3a725dac26ba0e6e21e376ffbb5
Size: 8.16 MB - kernel-tools-libs-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: 66397f5f33c54508f3cc4126288bac0b
SHA-256: d8d2bef6b6baf97ca7a07082cc961ecca86237799613cd43460a6cd311183772
Size: 8.06 MB - perf-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: 711422aa60a9d8a1eb17873b31ecd92e
SHA-256: 73c3c9f523cd95479d18f06e37045ed8078e8144bb9a0bd5149c556f75f0eb66
Size: 9.70 MB - python-perf-3.10.0-1160.59.1.el7.x86_64.rpm
MD5: ea922db572a98cbf2a09abdc117a8ba3
SHA-256: 4725634d75fd897aa220aa78e0546d001dbd32f279f1e5daed68d698457b7bb3
Size: 8.15 MB