kernel-3.10.0-1160.41.1.el7
エラータID: AXSA:2021-2410:19
リリース日:
2021/09/06 Monday - 07:57
題名:
kernel-3.10.0-1160.41.1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- net/netfilter/x_tables.c には、ヒープの範囲外書き込みの問題があるた
め、ローカルの攻撃者により、ユーザー名前空間を介して、特権昇格、および
サービス拒否状態を引き起こすことを可能とする脆弱性が存在します。
(CVE-2021-22555)
- eBPF の実装には、BPF JIT コンパイラのブランチ変位の計算が不正となる
問題があるため、ローカルの攻撃者により、カーネルコンテキスト内で任意コー
ドの実行が可能となる脆弱性が存在します。(CVE-2021-29154)
- netfilter サブシステムの net/netfilter/x_tables.c および
include/linux/netfilter/x_tables.h には、新しいテーブル値の割り当て時
の完全なメモリ保護が欠如しているため、ローカルの攻撃者により、サービス
拒否 (パニック) 状態を引き起こすことを可能とする脆弱性が存在します。
(CVE-2021-29650)
- net/bluetooth/hci_request.c には、HCI コントローラーを削除する処理中
に競合状態となる問題があるため、ローカルの攻撃者により、特権昇格が可能
となる脆弱性が存在します。(CVE-2021-32399)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-27777
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
CVE-2021-22555
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
CVE-2021-29154
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
CVE-2021-29650
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
CVE-2021-32399
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-3.10.0-1160.41.1.el7.src.rpm
MD5: 818bba97f1faeccfe891a05fe3852e7d
SHA-256: 8aaf7b0f3333f87fd2eb77d5113fa776c1b0177b402cd97f111ecccd643b6162
Size: 99.96 MB
Asianux Server 7 for x86_64
- bpftool-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: 1de018f859a9840be9a518ae16074f41
SHA-256: 389349b70d995ddce4e4378d4f36ce980b2c5426b58f4e81db1e812a159d06aa
Size: 8.48 MB - kernel-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: c89886c068049c6073167f2da984d1fc
SHA-256: dcb597c4fa3e95e6c8e15aaaf67d4d4946ff3d449332d001c6ff97886021a1f5
Size: 50.32 MB - kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm
MD5: d1941617a23ac750af3f69d1e2cdbe42
SHA-256: a5aa806d367832857375f089a170dc3a83e35211345536ef9570d8e8b76268b8
Size: 8.05 MB - kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: 930ba1123150f2b97241e8a9474ad434
SHA-256: 38520c6a669bf232cab73406b5ec86a53d8d196b502b04d484facd92bcba2fc2
Size: 52.61 MB - kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: 42ed8e81d85fcb4907439729c6684c1c
SHA-256: eb7bab7264ad227af5e1ebe428d96f678bc1c8a3d56587bc41b3370f2e56cd8a
Size: 18.04 MB - kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: a003872d182d400e729b663cb18ddc67
SHA-256: c1646c2007e1a6e4396128077635eff37b5d9d44f8738d31cc11d3adac6b31e6
Size: 17.97 MB - kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm
MD5: b8b91ca2512db81aff9ecef92c83887e
SHA-256: e84b0459fa0aa143d5998edfe8dc1ac0c7614acbe4961a694882d3e57ae532c9
Size: 19.51 MB - kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: 3da8c5889a37e0e698bf87d91c355641
SHA-256: 0755a64ff51f1a1499b4762d95c1b7107a92dbfb579b11fa4144019ea9ce6b87
Size: 9.04 MB - kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: 8af57ff074cc89c3f6c8df73988b39e0
SHA-256: 1ec760ed9ef98f71f429e5348fe9d7e86e5f5db3d6d2642a81eb8ccfb579169e
Size: 8.15 MB - kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: a2ffe75672c8331ace7364885423ef23
SHA-256: 086b31ea58808bfbf60c27c148856c5d9a3f5e87d9f032d614a3c429e763f24d
Size: 8.04 MB - perf-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: 488ecc4d980e73021e58252a2f5c2469
SHA-256: 03e9d61f76d3966139479c7c116336171694d0999dc9eb226595261bfaeb2844
Size: 9.68 MB - python-perf-3.10.0-1160.41.1.el7.x86_64.rpm
MD5: bb79e5ee4e0957b87f0bb5df36812ef8
SHA-256: 058974054d69f03300e24ff02b22f335abf9652092607f1140590e8e06f6c3f2
Size: 8.14 MB