ID

VAR-202107-1361

CVE

CVE-2021-33909

TITLE

Linux Kernel  Classic buffer overflow vulnerability in

DESCRIPTION

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Linux Kernel Exists in a classic buffer overflow vulnerability. Vendor exploits this vulnerability CID-8cae8cd89f05 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 8.2) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * RHEL8.2 Snapshot2 - tpm: ibmvtpm: Wait for buffer to be set before proceeding (BZ#1933986) * fnic crash from invalid request pointer (BZ#1961707) * [Azure][RHEL8.4] Two Patches Needed To Enable Azure Host Time-syncing in VMs (BZ#1963051) * RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1969338) 4. ========================================================================= Ubuntu Security Notice USN-5015-1 July 20, 2021 linux-oem-5.10 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oem-5.10: Linux kernel for OEM systems Details: It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-28691) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-3587) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.10.0-1038-oem 5.10.0-1038.40 linux-image-oem-20.04 5.10.0.1038.40 linux-image-oem-20.04b 5.10.0.1038.40 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7.7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.7.21 security and bug fix update Advisory ID: RHSA-2021:2763-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2763 Issue date: 2021-07-26 CVE Names: CVE-2021-33909 CVE-2021-33910 ===================================================================== 1. Summary: An update is now available for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.7 - noarch, ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.3.z source tree (BZ#1957359) * Placeholder bug for OCP 4.7.0 rpm release (BZ#1983534) 4. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 1970887 - CVE-2021-33910 systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash 1983534 - Placeholder bug for OCP 4.7.0 rpm release 6. Package List: Red Hat OpenShift Container Platform 4.7: Source: cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el7.src.rpm openshift-4.7.0-202107132131.p0.git.558d959.assembly.stream.el7.src.rpm openshift-ansible-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.src.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.src.rpm noarch: openshift-ansible-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.noarch.rpm openshift-ansible-test-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.noarch.rpm x86_64: cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el7.x86_64.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el7.x86_64.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.x86_64.rpm openshift-clients-redistributable-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.x86_64.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el7.x86_64.rpm Red Hat OpenShift Container Platform 4.7: Source: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.src.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.src.rpm kernel-4.18.0-240.23.2.el8_3.src.rpm kernel-rt-4.18.0-240.23.2.rt7.79.el8_3.src.rpm openshift-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.src.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.src.rpm openshift-kuryr-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.src.rpm systemd-239-41.el8_3.3.src.rpm noarch: kernel-abi-whitelists-4.18.0-240.23.2.el8_3.noarch.rpm kernel-doc-4.18.0-240.23.2.el8_3.noarch.rpm openshift-kuryr-cni-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm openshift-kuryr-common-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm openshift-kuryr-controller-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm python3-kuryr-kubernetes-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm ppc64le: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.ppc64le.rpm bpftool-4.18.0-240.23.2.el8_3.ppc64le.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm kernel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-core-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-headers-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-ipaclones-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-libs-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-libs-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.ppc64le.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.ppc64le.rpm perf-4.18.0-240.23.2.el8_3.ppc64le.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm python3-perf-4.18.0-240.23.2.el8_3.ppc64le.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm s390x: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.s390x.rpm bpftool-4.18.0-240.23.2.el8_3.s390x.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm kernel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-240.23.2.el8_3.s390x.rpm kernel-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-headers-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-tools-4.18.0-240.23.2.el8_3.s390x.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.s390x.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.s390x.rpm perf-4.18.0-240.23.2.el8_3.s390x.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm python3-perf-4.18.0-240.23.2.el8_3.s390x.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm x86_64: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.x86_64.rpm bpftool-4.18.0-240.23.2.el8_3.x86_64.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm kernel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-core-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-devel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-headers-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-ipaclones-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-rt-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-core-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-core-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-devel-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-kvm-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debuginfo-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-devel-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-kvm-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-extra-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-selftests-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-libs-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-libs-devel-4.18.0-240.23.2.el8_3.x86_64.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.x86_64.rpm openshift-clients-redistributable-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.x86_64.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.x86_64.rpm perf-4.18.0-240.23.2.el8_3.x86_64.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm python3-perf-4.18.0-240.23.2.el8_3.x86_64.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm systemd-239-41.el8_3.3.x86_64.rpm systemd-container-239-41.el8_3.3.x86_64.rpm systemd-container-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-debugsource-239-41.el8_3.3.x86_64.rpm systemd-devel-239-41.el8_3.3.x86_64.rpm systemd-journal-remote-239-41.el8_3.3.x86_64.rpm systemd-journal-remote-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-libs-239-41.el8_3.3.x86_64.rpm systemd-libs-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-pam-239-41.el8_3.3.x86_64.rpm systemd-pam-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-tests-239-41.el8_3.3.x86_64.rpm systemd-tests-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-udev-239-41.el8_3.3.x86_64.rpm systemd-udev-debuginfo-239-41.el8_3.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/cve/CVE-2021-33910 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-006 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYP7mF9zjgjWX9erEAQgZ9w//YYzC2fpVCACER7JZoIPkj5kgKpNZb2dl rAWgr+4jY5kTvZWF189Xbte1l82nWPYNhsC159NvlhevkFvNXvq5sCNrjn/5c9r7 4Kcxfoxssz2XS8k5QeOgm1eNaIyRbvO0N2GPJu5hFXqZJgC9Pd1a4aKGECRNT55d hiAbsYgB5BgbC/Zoz1p50p4t8oIQtaurNizNF/gk97WqcLaRHRN3JgxXv5Q7qn0W 6kxA5Vj7MYUnVR18h+GQv9BFxhOGW0E6JWsNXOpRuyyy2ZIDiRcaXL67luB2n24O H6Sc4nOxV4wEZ/0gWfb5YjRdwVdxQXwxa9hegiWX+CeApLUrsvZy0W0Ca/Bc7pbv B+FuHJZMjrAy7ORnILkkSGh1jHO5D3m22SWs3+mokJnUAl9CMFj/l9xbZEli0Nga bxbJg1TSQg30PGc1DQOdeM7i9dNHJGiJw1b89rP/R3W+9eUjtZTdaeD/irwbFTP0 KYCl+KmjnjWayXP+ZfdW0fWwBo1rl5o6bjTai1ztfjZALXaYQpCEyhvZsLbzL+j9 PIRUvwT3TXk0014tPyweLQLRwpOTPFhAro3hgzsLUKFpQhB2vhbR0U8yu/SGRS3z x4SzHQhYcU24UTJxMLUXdRQjniJbRZsyaCpUM0FvSVxzzhpwMiOAR9IZhvOOW5mo aRtMwhGvgzU= =dqQ0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2021-3653) Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible. Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26 Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-oem - 4.15.0-1063 linux - 4.15.0-69 Ubuntu 16.04 ESM linux-aws - 4.4.0-1098 linux-azure - 4.15.0-1063 linux-azure - 4.15.0-1078 linux-hwe - 4.15.0-69 linux - 4.4.0-168 linux - 4.4.0-211 Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168 References - CVE-2021-3653 - CVE-2021-3656 - CVE-2021-22555 - CVE-2021-33909 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

arbitrary

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-11-20T19:38:09.106000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE