ID

VAR-202107-1361

CVE

CVE-2021-33909

TITLE

Linux kernel Input validation error vulnerability

DESCRIPTION

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.7.21 security and bug fix update Advisory ID: RHSA-2021:2763-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2763 Issue date: 2021-07-26 CVE Names: CVE-2021-33909 CVE-2021-33910 ===================================================================== 1. Summary: An update is now available for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.7 - noarch, ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.3.z source tree (BZ#1957359) * Placeholder bug for OCP 4.7.0 rpm release (BZ#1983534) 4. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 1970887 - CVE-2021-33910 systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash 1983534 - Placeholder bug for OCP 4.7.0 rpm release 6. Package List: Red Hat OpenShift Container Platform 4.7: Source: cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el7.src.rpm openshift-4.7.0-202107132131.p0.git.558d959.assembly.stream.el7.src.rpm openshift-ansible-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.src.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.src.rpm noarch: openshift-ansible-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.noarch.rpm openshift-ansible-test-4.7.0-202107070256.p0.git.e1b19c2.assembly.stream.el7.noarch.rpm x86_64: cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el7.x86_64.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el7.x86_64.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.x86_64.rpm openshift-clients-redistributable-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el7.x86_64.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el7.x86_64.rpm Red Hat OpenShift Container Platform 4.7: Source: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.src.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.src.rpm kernel-4.18.0-240.23.2.el8_3.src.rpm kernel-rt-4.18.0-240.23.2.rt7.79.el8_3.src.rpm openshift-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.src.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.src.rpm openshift-kuryr-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.src.rpm systemd-239-41.el8_3.3.src.rpm noarch: kernel-abi-whitelists-4.18.0-240.23.2.el8_3.noarch.rpm kernel-doc-4.18.0-240.23.2.el8_3.noarch.rpm openshift-kuryr-cni-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm openshift-kuryr-common-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm openshift-kuryr-controller-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm python3-kuryr-kubernetes-4.7.0-202107070256.p0.git.c7654fb.assembly.stream.el8.noarch.rpm ppc64le: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.ppc64le.rpm bpftool-4.18.0-240.23.2.el8_3.ppc64le.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.ppc64le.rpm kernel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-core-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-headers-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-ipaclones-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-libs-4.18.0-240.23.2.el8_3.ppc64le.rpm kernel-tools-libs-devel-4.18.0-240.23.2.el8_3.ppc64le.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.ppc64le.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.ppc64le.rpm perf-4.18.0-240.23.2.el8_3.ppc64le.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm python3-perf-4.18.0-240.23.2.el8_3.ppc64le.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.ppc64le.rpm s390x: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.s390x.rpm bpftool-4.18.0-240.23.2.el8_3.s390x.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.s390x.rpm kernel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-240.23.2.el8_3.s390x.rpm kernel-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-headers-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.s390x.rpm kernel-tools-4.18.0-240.23.2.el8_3.s390x.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-core-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-devel-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-240.23.2.el8_3.s390x.rpm kernel-zfcpdump-modules-internal-4.18.0-240.23.2.el8_3.s390x.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.s390x.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.s390x.rpm perf-4.18.0-240.23.2.el8_3.s390x.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm python3-perf-4.18.0-240.23.2.el8_3.s390x.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.s390x.rpm x86_64: atomic-openshift-service-idler-4.7.0-202107070256.p0.git.39cfc66.assembly.stream.el8.x86_64.rpm bpftool-4.18.0-240.23.2.el8_3.x86_64.rpm bpftool-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm cri-o-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm cri-o-debuginfo-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm cri-o-debugsource-1.20.4-4.rhaos4.7.gitf7276ed.el8.x86_64.rpm kernel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-core-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-cross-headers-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-core-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-devel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-extra-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debug-modules-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-devel-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-headers-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-ipaclones-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-extra-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-modules-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-rt-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-core-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-core-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-devel-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-kvm-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debug-modules-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debuginfo-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-devel-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-kvm-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-extra-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-modules-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-rt-selftests-internal-4.18.0-240.23.2.rt7.79.el8_3.x86_64.rpm kernel-selftests-internal-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-libs-4.18.0-240.23.2.el8_3.x86_64.rpm kernel-tools-libs-devel-4.18.0-240.23.2.el8_3.x86_64.rpm openshift-clients-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.x86_64.rpm openshift-clients-redistributable-4.7.0-202107070256.p0.git.8b4b094.assembly.stream.el8.x86_64.rpm openshift-hyperkube-4.7.0-202107132131.p0.git.558d959.assembly.stream.el8.x86_64.rpm perf-4.18.0-240.23.2.el8_3.x86_64.rpm perf-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm python3-perf-4.18.0-240.23.2.el8_3.x86_64.rpm python3-perf-debuginfo-4.18.0-240.23.2.el8_3.x86_64.rpm systemd-239-41.el8_3.3.x86_64.rpm systemd-container-239-41.el8_3.3.x86_64.rpm systemd-container-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-debugsource-239-41.el8_3.3.x86_64.rpm systemd-devel-239-41.el8_3.3.x86_64.rpm systemd-journal-remote-239-41.el8_3.3.x86_64.rpm systemd-journal-remote-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-libs-239-41.el8_3.3.x86_64.rpm systemd-libs-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-pam-239-41.el8_3.3.x86_64.rpm systemd-pam-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-tests-239-41.el8_3.3.x86_64.rpm systemd-tests-debuginfo-239-41.el8_3.3.x86_64.rpm systemd-udev-239-41.el8_3.3.x86_64.rpm systemd-udev-debuginfo-239-41.el8_3.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYP7mF9zjgjWX9erEAQgZ9w//YYzC2fpVCACER7JZoIPkj5kgKpNZb2dl rAWgr+4jY5kTvZWF189Xbte1l82nWPYNhsC159NvlhevkFvNXvq5sCNrjn/5c9r7 4Kcxfoxssz2XS8k5QeOgm1eNaIyRbvO0N2GPJu5hFXqZJgC9Pd1a4aKGECRNT55d hiAbsYgB5BgbC/Zoz1p50p4t8oIQtaurNizNF/gk97WqcLaRHRN3JgxXv5Q7qn0W 6kxA5Vj7MYUnVR18h+GQv9BFxhOGW0E6JWsNXOpRuyyy2ZIDiRcaXL67luB2n24O H6Sc4nOxV4wEZ/0gWfb5YjRdwVdxQXwxa9hegiWX+CeApLUrsvZy0W0Ca/Bc7pbv B+FuHJZMjrAy7ORnILkkSGh1jHO5D3m22SWs3+mokJnUAl9CMFj/l9xbZEli0Nga bxbJg1TSQg30PGc1DQOdeM7i9dNHJGiJw1b89rP/R3W+9eUjtZTdaeD/irwbFTP0 KYCl+KmjnjWayXP+ZfdW0fWwBo1rl5o6bjTai1ztfjZALXaYQpCEyhvZsLbzL+j9 PIRUvwT3TXk0014tPyweLQLRwpOTPFhAro3hgzsLUKFpQhB2vhbR0U8yu/SGRS3z x4SzHQhYcU24UTJxMLUXdRQjniJbRZsyaCpUM0FvSVxzzhpwMiOAR9IZhvOOW5mo aRtMwhGvgzU= =dqQ0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This affects kernel/bpf/core.c and net/core/filter.c. (CVE-2018-25020) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible. 8.2) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * RHEL8.2 Snapshot2 - tpm: ibmvtpm: Wait for buffer to be set before proceeding (BZ#1933986) * fnic crash from invalid request pointer (BZ#1961707) * [Azure][RHEL8.4] Two Patches Needed To Enable Azure Host Time-syncing in VMs (BZ#1963051) * RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1969338) 4. 8.1) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. (CVE-2021-33909) Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. ========================================================================== Ubuntu Security Notice USN-5018-1 July 20, 2021 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi (V8) systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1078-oracle 4.15.0-1078.86 linux-image-4.15.0-1092-raspi2 4.15.0-1092.98 linux-image-4.15.0-1097-kvm 4.15.0-1097.99 linux-image-4.15.0-1106-gcp 4.15.0-1106.120 linux-image-4.15.0-1109-aws 4.15.0-1109.116 linux-image-4.15.0-1109-snapdragon 4.15.0-1109.118 linux-image-4.15.0-1121-azure 4.15.0-1121.134 linux-image-4.15.0-151-generic 4.15.0-151.157 linux-image-4.15.0-151-generic-lpae 4.15.0-151.157 linux-image-4.15.0-151-lowlatency 4.15.0-151.157 linux-image-aws-lts-18.04 4.15.0.1109.112 linux-image-azure-lts-18.04 4.15.0.1121.94 linux-image-gcp-lts-18.04 4.15.0.1106.125 linux-image-generic 4.15.0.151.139 linux-image-generic-lpae 4.15.0.151.139 linux-image-kvm 4.15.0.1097.93 linux-image-lowlatency 4.15.0.151.139 linux-image-oracle-lts-18.04 4.15.0.1078.88 linux-image-raspi2 4.15.0.1092.90 linux-image-snapdragon 4.15.0.1109.112 linux-image-virtual 4.15.0.151.139 Ubuntu 16.04 ESM: linux-image-4.15.0-1078-oracle 4.15.0-1078.86~16.04.1 linux-image-4.15.0-1106-gcp 4.15.0-1106.120~16.04.1 linux-image-4.15.0-1109-aws 4.15.0-1109.116~16.04.1 linux-image-4.15.0-1121-azure 4.15.0-1121.134~16.04.1 linux-image-4.15.0-151-generic 4.15.0-151.157~16.04.1 linux-image-4.15.0-151-lowlatency 4.15.0-151.157~16.04.1 linux-image-aws-hwe 4.15.0.1109.100 linux-image-azure 4.15.0.1121.112 linux-image-gcp 4.15.0.1106.107 linux-image-generic-hwe-16.04 4.15.0.151.146 linux-image-gke 4.15.0.1106.107 linux-image-lowlatency-hwe-16.04 4.15.0.151.146 linux-image-oem 4.15.0.151.146 linux-image-oracle 4.15.0.1078.66 linux-image-virtual-hwe-16.04 4.15.0.151.146 Ubuntu 14.04 ESM: linux-image-4.15.0-1121-azure 4.15.0-1121.134~14.04.1 linux-image-azure 4.15.0.1121.94 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5018-1 CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2021-0129, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134 https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118 . These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

input validation error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-01-23T21:24:46.974000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE