OESA-2021-1475

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.(CVE-2021-4002)

In unixscmtoskb of afunix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel(CVE-2021-0920)

A vulnerability was found in the fs/inode.c:inodeinitowner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.(CVE-2021-4037)

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.(CVE-2021-20321)

In _configfsopen_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel(CVE-2021-39656)

In gadgetdevdescUDCshow of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel(CVE-2021-39648)

The issue reported to the Linux security team allowed one to read and/or write up to 65kB of kernel memory past buffer boundaries by exploiting lack of limiting of the usb control transfer request wLength in certain gadget functions.(CVE-2021-39685)

pepsockaccept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.(CVE-2021-45095)

A vulnerability was found in btrfsalloctree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.(CVE-2021-4149)

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlinkparsetuplefilter in net/netfilter/nfconntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / kernel

Package

Name: kernel
Purl: pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.90-2112.6.0.0130.oe1

Ecosystem specific

{
    "src": [
        "kernel-4.19.90-2112.6.0.0130.oe1.src.rpm"
    ],
    "x86_64": [
        "kernel-tools-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "kernel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "bpftool-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "kernel-debugsource-4.19.90-2112.6.0.0130.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "kernel-debugsource-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "kernel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "kernel-devel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm",
        "bpftool-4.19.90-2112.6.0.0130.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / kernel

Package

Name: kernel
Purl: pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.90-2112.6.0.0129.oe1

Ecosystem specific

{
    "src": [
        "kernel-4.19.90-2112.6.0.0129.oe1.src.rpm"
    ],
    "x86_64": [
        "kernel-debugsource-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "kernel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "bpftool-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2112.6.0.0129.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "kernel-tools-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "kernel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "kernel-devel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "bpftool-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "kernel-debugsource-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm"
    ]
}