ID

VAR-202207-1358

CVE

CVE-2021-33656

TITLE

Linux Kernel  Out-of-bounds write vulnerability in

DESCRIPTION

When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. Linux Kernel Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5650-1 September 30, 2022 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Christian Brauner discovered that the XFS file system implementation in the Linux kernel did not properly handle setgid file creation. A local attacker could use this to gain elevated privileges. (CVE-2021-4037) It was discovered that the ext4 file system implementation in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0850) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. A remote attacker could use this to expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2639) Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the Linux kernel contained multiple out-of-bounds vulnerabilities. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2964) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the Journaled File System (JFS) in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3202) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: linux-image-4.4.0-1114-kvm 4.4.0-1114.124 linux-image-4.4.0-1151-aws 4.4.0-1151.166 linux-image-4.4.0-234-generic 4.4.0-234.268 linux-image-4.4.0-234-lowlatency 4.4.0-234.268 linux-image-aws 4.4.0.1151.155 linux-image-generic 4.4.0.234.240 linux-image-kvm 4.4.0.1114.111 linux-image-lowlatency 4.4.0.234.240 linux-image-virtual 4.4.0.234.240 Ubuntu 14.04 ESM: linux-image-4.4.0-1113-aws 4.4.0-1113.119 linux-image-4.4.0-234-generic 4.4.0-234.268~14.04.1 linux-image-4.4.0-234-lowlatency 4.4.0-234.268~14.04.1 linux-image-aws 4.4.0.1113.110 linux-image-generic-lts-xenial 4.4.0.234.203 linux-image-lowlatency-lts-xenial 4.4.0.234.203 linux-image-virtual-lts-xenial 4.4.0.234.203 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5650-1 CVE-2021-33655, CVE-2021-33656, CVE-2021-4037, CVE-2022-0850, CVE-2022-1199, CVE-2022-1204, CVE-2022-1729, CVE-2022-20368, CVE-2022-2639, CVE-2022-2964, CVE-2022-2978, CVE-2022-3028, CVE-2022-3202, CVE-2022-36946 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat Advanced Cluster Management 2.6.6 security fixes and container updates Advisory ID: RHSA-2023:3326-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2023:3326 Issue date: 2023-05-25 CVE Names: CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-1679 CVE-2022-1789 CVE-2022-2196 CVE-2022-2663 CVE-2022-3028 CVE-2022-3239 CVE-2022-3522 CVE-2022-3524 CVE-2022-3564 CVE-2022-3566 CVE-2022-3567 CVE-2022-3619 CVE-2022-3623 CVE-2022-3625 CVE-2022-3627 CVE-2022-3628 CVE-2022-3707 CVE-2022-3970 CVE-2022-4129 CVE-2022-20141 CVE-2022-25265 CVE-2022-30594 CVE-2022-35252 CVE-2022-36227 CVE-2022-39188 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 CVE-2022-42703 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43552 CVE-2022-43750 CVE-2022-47929 CVE-2023-0361 CVE-2023-0394 CVE-2023-0461 CVE-2023-1195 CVE-2023-1582 CVE-2023-1999 CVE-2023-22490 CVE-2023-23454 CVE-2023-23946 CVE-2023-25652 CVE-2023-25815 CVE-2023-27535 CVE-2023-28856 CVE-2023-29007 CVE-2023-32313 CVE-2023-32314 ===================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.6.6 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/ Security Fix(es): * CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command * CVE-2023-32314 vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation 3. Solution: For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online 4. Bugs fixed (https://bugzilla.redhat.com/): 2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation 5. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZHBqdtzjgjWX9erEAQgPBBAAnba1fjcWKh24XoIxjEsRwYwq2JN7qmIU MANW+FQiQX2SxrlS729OKswdcDQbMeGr2S9bnmZutqTTihgS/0DnCEUV4leX2fec iX3+umTRrS4S2n1bs6jhMTygTHNFMEm0hRlaif0T35YnLtFDUO82QQVMAuifh0kn 5Z8n3oHiu5KX8oHQueP2zk9jC1DP2LWcxPZq3X90kYPTYn1bv12N8EcmaiIsQI2L I5vXMPLf/SSl22Fzgs/qvFrdpRzwuWl4OATWjdICIZZg4hVrxG/k4pekuPX1QsTE 7sFOBsDp6i9RW/ZgUG30BI7RI5TZv1x087SI9j5M4PL06ePnYzBeWOPmkD5XeclV ScJvCcVQpI4gef0QrsRcfaMaVdYgJa4S6rn0RJddaXY1FsyhDU/61LjEpI/Mu5LC GKchpJC+lUGhGWy7r5Nn563VuUwdjKqjvtBdU4UwB/K6GoLF4QYMWOcBlZUBxNfD JLVIVj5FgQYNMcV/0KFsL51rlbeTCntp4xH5QbPxt+932E0FlSej5Y1dqTBNX78a w0hkqQoBDqjfYK80yvyeRI5X3ZQ4SHJe61ozHVSLa+VhGz5WDrPaHNsFkPM01EsV pUhn2d27SA+SRwPE93GG6smk1dHgx6grZCISvRbtqzItoXcDdEb5L94GZx0pIFiF nh/78SLF0ZU= =P0X2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

arbitrary

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ubuntu

SOURCES

LAST UPDATE DATE

2024-12-21T22:49:01.713000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE