An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1429
Final
1.0
1.0
2021-11-12
Initial
2021-11-12
2021-11-12
openEuler SA Tool V1.0
2021-11-12
kernel security update
An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
The Linux Kernel, the operating system core itself.
Security Fix(es):
An improper validation of an array index and out of bounds memory read in the Linux kernel s Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service.(CVE-2021-3896)
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.(CVE-2021-3760)
A flaw was found in the Linux kernel s CAPI over Bluetooth connection code. An attacker with a local account can escalate privileges when CAPI (ISDN) hardware connection fails.(CVE-2021-34981)
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150(CVE-2020-3702)
UAF in Android ION memory allocator.(CVE-2021-0929)
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.(CVE-2021-20322)
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.(CVE-2021-20320)
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.(CVE-2021-43389)
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released.(CVE-2020-16119)
An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3896
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3760
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-34981
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-3702
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-0929
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-20322
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-20320
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43389
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-16119
https://nvd.nist.gov/vuln/detail/CVE-2021-3896
https://nvd.nist.gov/vuln/detail/CVE-2021-3760
https://nvd.nist.gov/vuln/detail/CVE-2021-34981
https://nvd.nist.gov/vuln/detail/CVE-2020-3702
https://nvd.nist.gov/vuln/detail/CVE-2021-0929
https://nvd.nist.gov/vuln/detail/CVE-2021-20322
https://nvd.nist.gov/vuln/detail/CVE-2021-20320
https://nvd.nist.gov/vuln/detail/CVE-2021-43389
https://nvd.nist.gov/vuln/detail/CVE-2020-16119
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
bpftool-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-tools-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-devel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python2-perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-source-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python3-perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python2-perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-tools-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-devel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-source-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
bpftool-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python3-perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
kernel-4.19.90-2111.3.0.0121.oe1.src.rpm
kernel-4.19.90-2111.3.0.0121.oe1.src.rpm
kernel-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-devel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
python2-perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
python3-perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-tools-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
bpftool-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-source-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-source-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-devel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
python2-perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
python3-perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-tools-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
bpftool-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
kernel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm
An improper validation of an array index and out of bounds memory read in the Linux kernel s Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service.
2021-11-12
CVE-2021-3896
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
4.7
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
2021-11-12
CVE-2021-3760
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
High
7.0
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
A flaw was found in the Linux kernel s CAPI over Bluetooth connection code. An attacker with a local account can escalate privileges when CAPI (ISDN) hardware connection fails.
2021-11-12
CVE-2021-34981
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
High
7.5
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
2021-11-12
CVE-2020-3702
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
6.5
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
UAF in Android ION memory allocator.
2021-11-12
CVE-2021-0929
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
High
7.3
AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
2021-11-12
CVE-2021-20322
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
High
7.4
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
2021-11-12
CVE-2021-20320
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
2021-11-12
CVE-2021-43389
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released.
2021-11-12
CVE-2020-16119
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429