SB2022042024 - Fedora 35 update for kernel, kernel-headers, kernel-tools

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2021-4095)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context in kvm_dirty_ring_get() function in virt/kvm/dirty_ring.c. A local user can pass specially crafted input to the KVM_XEN_HVM_SET_ATTR IOCTL and perform a denial of service (DoS) attack.

2) Out-of-bounds read (CVE-ID: CVE-2021-4204)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition in Linux kernel eBPF. A local user trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.

3) Use-after-free (CVE-ID: CVE-2022-1204)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel’s Amateur Radio AX.25 protocol functionality when user connects with the protocol. A local user can trigger use-after-free error to perform a denial of service attack or escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2022-8efcea6e67