kernel-4.18.0-372.9.1.el8

エラータID: AXSA:2022-3558:10

Release date: 
Tuesday, July 19, 2022 - 06:53
Subject: 
kernel-4.18.0-372.9.1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
* kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)
* kernel: speculation on incompletely validated data on IBM Power9 (CVE-2020-4788)
* kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)
* kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)
* kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)
* kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)
* kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)
* kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)
* kernel: possible use-after-free in bluetooth module (CVE-2021-3752)
* kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)
* kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)
* kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)
* kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)
* kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)
* kernel: security regression for CVE-2018-13405 (CVE-2021-4037)
* kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)
* kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)
* kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)
* kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)
* kernel: arm: SIGPAGE information disclosure vulnerability (CVE-2021-21781)
* hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)
* kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)
* kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)
* kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)
* kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)
* kernel: ppc: kvm: allows a malicious KVM guest to crash the host (CVE-2021-43056)
* kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)
* kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)
* kernel: use-after-free in the TEE subsystem (CVE-2021-44733)
* kernel: information leak in the IPv6 implementation (CVE-2021-45485)
* kernel: information leak in the IPv4 implementation (CVE-2021-45486)
* hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)
* hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)
* kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)
* kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)
* kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)
* kernel: use-after-free in nouveau kernel module (CVE-2020-27820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVE-2020-0404
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel
CVE-2020-13974
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.
CVE-2020-27820
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
CVE-2021-0941
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel
CVE-2021-20322
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
CVE-2021-21781
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11
CVE-2021-26401
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
CVE-2021-29154
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
CVE-2021-3612
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3669
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-37159
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
CVE-2021-3743
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3759
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-3764
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
CVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2021-4002
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
CVE-2021-4037
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.
CVE-2021-4157
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.
CVE-2021-41864
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-4197
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2021-4203
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
CVE-2021-42739
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-43056
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
CVE-2021-43389
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
CVE-2021-43976
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-44733
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-45485
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVE-2021-45486
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
CVE-2022-0001
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-0002
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-0286
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2022-0322
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
CVE-2022-1011
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-4.18.0-372.9.1.el8.src.rpm
    MD5: f0c5876ffce0b085c89959be411b2a86
    SHA-256: 5727a23e3939d3c01a2f00f9de3f104815032df26c26d1417b03dc41644482c6
    Size: 123.85 MB

Asianux Server 8 for x86_64
  1. bpftool-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: a57809efc421dc144432ed92ae954ded
    SHA-256: 031589e3ae176b97a4c11c1c2e54a7953ddc64a2b483c6c622ed496269654675
    Size: 8.76 MB
  2. kernel-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 51b8990ba028be1d060c918189cfdede
    SHA-256: e6e9b3bb47d8f91d9a8774940cd9cd09d27c99d6b634d014c67505ff118e4f15
    Size: 8.03 MB
  3. kernel-abi-stablelists-4.18.0-372.9.1.el8.noarch.rpm
    MD5: f7b0b0b8d371402f610c55f7908e1b68
    SHA-256: 1f1fa6aa7c86defe1da1b98b48d0ff5cde8fe7d08fbb192edb7a1830ab151b47
    Size: 8.04 MB
  4. kernel-core-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: f91e4b0246bc7e3daec6b8073ba752e5
    SHA-256: 368580e3b140ddbde342ffc176f430ce7ccba93b28abfbd46b3ff5df8d81733c
    Size: 39.30 MB
  5. kernel-cross-headers-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: f2ffe383613af42e8b7d59ef07f1f763
    SHA-256: cce5b1adbbfe7496ddc8ade954d8627c7f83a8a07bb3ce4c15c6b8da9c8aece4
    Size: 13.18 MB
  6. kernel-debug-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 0be59e6524a6d3ec49e4c99b23606fc8
    SHA-256: de61d562b9e904b58f8614663a1801cfe63b1bef3ed1a35e96dbc987525d675e
    Size: 8.03 MB
  7. kernel-debug-core-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 117ada6c8e931e789e1f2c50dbe26079
    SHA-256: 29f1ac09917a03425e15e6a2165c6ae34ec9012a39dbffc2a6b19eb807a4e260
    Size: 67.56 MB
  8. kernel-debug-devel-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: ca10f18820537b9806d18b7f28c22105
    SHA-256: fec64896acd4599546aef46040d04eea7c61928aea60cd523a58811e309a3431
    Size: 21.45 MB
  9. kernel-debug-modules-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 0e5f575e0ae87e3ed11c6405e5c9ea00
    SHA-256: 2d21a3a6528fbb47b187655746e970912260bf68e478bd8d4063ee98091d2abb
    Size: 59.01 MB
  10. kernel-debug-modules-extra-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 71272b26d1b8cded5b434a70438f020b
    SHA-256: d1ed13ceb3bb49d22a6302bc5269eb0a262151a19ceb6ba8d152f08552ac1d1d
    Size: 9.40 MB
  11. kernel-devel-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 929c5b75b724b1b1fc51b6e626496717
    SHA-256: 2fba46a1f0aa779e0d1055ff07a8e043a1295dd86d8fe5e3c1968a667d14226d
    Size: 21.26 MB
  12. kernel-doc-4.18.0-372.9.1.el8.noarch.rpm
    MD5: 4480bafc1ef740e075eda921bdd76645
    SHA-256: d54e75c10511746292645b8d5a4752a441fc10f6a542839cd7dcb915c0b5d9e4
    Size: 25.52 MB
  13. kernel-headers-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 98d960aa1b9e76a28a80d1147cc7e4b4
    SHA-256: cdae50e8a9a10066beb796ea761fd3be54504caf1a8594bf3c33218cc17f4bb6
    Size: 9.33 MB
  14. kernel-modules-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 68aa0a1e4c82afda0e492c598453f224
    SHA-256: 23f0a9a6a51b95f42b1473b82b0c49bc3e9860067220e84898838f886dee0d60
    Size: 31.72 MB
  15. kernel-modules-extra-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 87218862c636baa75f7e18a06138e966
    SHA-256: 12a78eb65a6b632260b03daa4f4e730a8977787c07b51ad4bc0f10f8f031b799
    Size: 8.70 MB
  16. kernel-tools-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: b13879c84d3a6df9c2258cb599d6b5e8
    SHA-256: 2a8eb3d8198c46cda267bcebaec7f43de45d5dcedb3815112eb102bf686430e7
    Size: 8.24 MB
  17. kernel-tools-libs-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 4331c8757f6444ba718342cadbf2093c
    SHA-256: b8d7a11cf9c427e8aec327161554c1db39730337f052b511e43ef4acf448f405
    Size: 8.04 MB
  18. kernel-tools-libs-devel-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 3049b125e275ef5981642de4ec8e4714
    SHA-256: dc724336a03591f6d032af0215aaddb5c530a8ce482ac15bc2e4dd162fa4697b
    Size: 8.03 MB
  19. perf-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: f094874146d42abc1afd513673998045
    SHA-256: 85019b54c99f6f40aa578709982a203a584a732ed098e69e52ba5507ca812b25
    Size: 10.36 MB
  20. python3-perf-4.18.0-372.9.1.el8.x86_64.rpm
    MD5: 59ce8ffb6881b14b540242a897a15d42
    SHA-256: e1ea66162bfcba462a10fefa4ca4f6a6715db8625702380ad55378aca6204aae
    Size: 8.16 MB