SB2024042238 - Denial of service in Linux kernel powerpc

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2021-46990)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in arch/powerpc/lib/feature-fixups.c. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058
• https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a
• https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b
• https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8
• https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508
• https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92
• https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d
• https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf
• https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.22
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.5
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.120