SB2021041207 - Red Hat Enterprise Linux 8 update for kernel




Published: April 12, 2021 Updated: December 3, 2023

Security Bulletin ID: SB2021041207
Severity: Medium
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 13%, Low: 88%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0466)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an unspecified error related to the I/O subsystem in the kernel. A local user can elevate privileges on the system.


2) Infinite loop (CVE-ID: CVE-2020-27152)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel. A local user can consume all available system resources and cause denial of service conditions.


3) Path traversal (CVE-ID: CVE-2020-28374)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to an iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.



4) Use-after-free (CVE-ID: CVE-2021-3347)

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error when handling PI futexes. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.



5) Improper Privilege Management (CVE-ID: CVE-2021-26708)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.


6) Information disclosure (CVE-ID: CVE-2021-27363)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because show_transport_handle() shows the iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-27364)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.


8) Buffer overflow (CVE-ID: CVE-2021-27365)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in the Linux kernel through 5.11.3: certain iSCSI data structures do not have appropriate length constraints or checks and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI and has a length up to the maximum length of a Netlink message, trigger memory corruption, and execute arbitrary code on the system with elevated privileges.


Remediation

Install the update from the vendor's website.