kernel-3.10.0-1160.59.1.el7

エラータID: AXSA:2022-3092:04

Release date: 
Thursday, March 3, 2022 - 05:12
Subject: 
kernel-3.10.0-1160.59.1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)
kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
kernel: out of bounds write in hid-multitouch.c may lead to escalation of privilege (CVE-2020-0465)
kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)
kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
kernel: possible use-after-free in bluetooth module (CVE-2021-3752)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Kernel with enabled BERT does not decode CPU fatal events correctly
Call trace seen during controller random reset on IB config
Infinite loop in blk_set_queue_dying() from blk_queue_for_each_rl() when another CPU races and modifies the queue's blkg_list
NFS client kernel crash in NFS4 backchannel transmit path - ftrace_raw_event_rpc_task_queued called from rpc_run_bc_task
SELinux is preventing / from mount access on the filesystem /proc

CVE(s):
CVE-2020-0466
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel
CVE-2021-0920
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
CVE-2021-4155
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-0330
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22942
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-0465
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel
CVE-2021-3564
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
CVE-2021-3573
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Solution: 

Update packages.

CVEs: 
CVE-2020-0465
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel
CVE-2020-0466
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel
CVE-2021-0920
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
CVE-2021-3564
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
CVE-2021-3573
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-4155
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-0330
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22942
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-3.10.0-1160.59.1.el7.src.rpm
    MD5: ff75b7bb4b728da90e03938538a7c3c4
    SHA-256: e723cfdc89a6e2a70684622a587117071ed031d62df8bd3d3234268d4e5d949d
    Size: 98.73 MB

Asianux Server 7 for x86_64
  1. bpftool-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: e3b63891c6e5e6ec6d17f51abe7dd1be
    SHA-256: 7e57e2befee1673f0447fe7ac84182cae2ce393c9bdad4981232fdc43d39f491
    Size: 8.49 MB
  2. kernel-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: ba76d064d2444a516b98aa3edd44ef03
    SHA-256: 6f5e07aaaf0b0d04affb9b6326c9247118fcdcb70525cc7953f576faacb3dfe6
    Size: 50.35 MB
  3. kernel-debug-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: 75604529f312dee85fd6a662dd42233c
    SHA-256: 3f01c09b3c172ce793a6b4e2b3cf0e6fc8cf2a574bac353982543b144aa27c80
    Size: 52.65 MB
  4. kernel-debug-devel-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: 472dc8f2433c932bbcad1785e56020cf
    SHA-256: 1064cd3822efa307b29044ecc2558c2259f1b0b4d2a5ab55856cc963c1dd0c8a
    Size: 18.05 MB
  5. kernel-devel-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: 303cb1ded29edf14f03eddb4dd6d4879
    SHA-256: c4f8a801ae425c3fbaf44474c0f194bf4e297a551380ed82c0f093acacb5a067
    Size: 17.98 MB
  6. kernel-doc-3.10.0-1160.59.1.el7.noarch.rpm
    MD5: 8684160b6f4073434606a287d6992cab
    SHA-256: c712af94f9a9bb6ecdb871073fee6e3cf6fba85374eb9f0b46636b8a4f4cab9b
    Size: 19.52 MB
  7. kernel-headers-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: 2bcf2f9d1513acb62b59ac78608611c9
    SHA-256: 668b451d7a1211434c33df1b662a45b51395c3458aaa83054b49899ae7e1178c
    Size: 9.05 MB
  8. kernel-tools-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: 39a4cd07e10dc1c689595511b3f9c94f
    SHA-256: 7ef0bf7787c103ba30e14036f4fcb6989f7fc3a725dac26ba0e6e21e376ffbb5
    Size: 8.16 MB
  9. kernel-tools-libs-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: 66397f5f33c54508f3cc4126288bac0b
    SHA-256: d8d2bef6b6baf97ca7a07082cc961ecca86237799613cd43460a6cd311183772
    Size: 8.06 MB
  10. perf-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: 711422aa60a9d8a1eb17873b31ecd92e
    SHA-256: 73c3c9f523cd95479d18f06e37045ed8078e8144bb9a0bd5149c556f75f0eb66
    Size: 9.70 MB
  11. python-perf-3.10.0-1160.59.1.el7.x86_64.rpm
    MD5: ea922db572a98cbf2a09abdc117a8ba3
    SHA-256: 4725634d75fd897aa220aa78e0546d001dbd32f279f1e5daed68d698457b7bb3
    Size: 8.15 MB