An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1429
Final 1.0 1.0 2021-11-12 Initial 2021-11-12 2021-11-12 openEuler SA Tool V1.0 2021-11-12

kernel security update

An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.

The Linux Kernel, the operating system core itself.

Security Fix(es):

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service. (CVE-2021-3896)

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)

A flaw was found in the Linux kernel's CAPI over Bluetooth connection code. An attacker with a local account can escalate privileges when CAPI (ISDN) hardware connection fails. (CVE-2021-34981)

Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150. (CVE-2020-3702)

UAF in Android ION memory allocator. (CVE-2021-0929)

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports.
This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. (CVE-2021-20322)

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. A local attacker with special user privilege can circumvent the verifier, which may lead to a confidentiality problem. (CVE-2021-20320)

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. (CVE-2020-16119)

An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
kernel

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3896
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3760
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-34981
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-3702
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-0929
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-20322
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-20320
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43389
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-16119
https://nvd.nist.gov/vuln/detail/CVE-2021-3896
https://nvd.nist.gov/vuln/detail/CVE-2021-3760
https://nvd.nist.gov/vuln/detail/CVE-2021-34981
https://nvd.nist.gov/vuln/detail/CVE-2020-3702
https://nvd.nist.gov/vuln/detail/CVE-2021-0929
https://nvd.nist.gov/vuln/detail/CVE-2021-20322
https://nvd.nist.gov/vuln/detail/CVE-2021-20320
https://nvd.nist.gov/vuln/detail/CVE-2021-43389
https://nvd.nist.gov/vuln/detail/CVE-2020-16119

openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2

bpftool-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-tools-4.19.90-2111.3.0.0121.oe1.aarch64.rpm perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-devel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm python2-perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-debugsource-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-source-4.19.90-2111.3.0.0121.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm python3-perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm python2-perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-tools-4.19.90-2111.3.0.0121.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-devel-4.19.90-2111.3.0.0121.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-source-4.19.90-2111.3.0.0121.oe1.aarch64.rpm bpftool-4.19.90-2111.3.0.0121.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.aarch64.rpm python3-perf-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-debugsource-4.19.90-2111.3.0.0121.oe1.aarch64.rpm kernel-4.19.90-2111.3.0.0121.oe1.src.rpm kernel-4.19.90-2111.3.0.0121.oe1.src.rpm kernel-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-devel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm python2-perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm python3-perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-tools-4.19.90-2111.3.0.0121.oe1.x86_64.rpm perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm bpftool-4.19.90-2111.3.0.0121.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-debugsource-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-source-4.19.90-2111.3.0.0121.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-source-4.19.90-2111.3.0.0121.oe1.x86_64.rpm 
kernel-devel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm python2-perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm python3-perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-debugsource-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-tools-4.19.90-2111.3.0.0121.oe1.x86_64.rpm perf-debuginfo-4.19.90-2111.3.0.0121.oe1.x86_64.rpm perf-4.19.90-2111.3.0.0121.oe1.x86_64.rpm bpftool-4.19.90-2111.3.0.0121.oe1.x86_64.rpm kernel-4.19.90-2111.3.0.0121.oe1.x86_64.rpm

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service.
2021-11-12 CVE-2021-3896 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
2021-11-12 CVE-2021-3760 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429

A flaw was found in the Linux kernel's CAPI over Bluetooth connection code. An attacker with a local account can escalate privileges when CAPI (ISDN) hardware connection fails.
2021-11-12 CVE-2021-34981 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 High 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429

Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150.
2021-11-12 CVE-2020-3702 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 6.5 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429

UAF in Android ION memory allocator.
2021-11-12 CVE-2021-0929 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 High 7.3 AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well.
2021-11-12 CVE-2021-20322 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 High 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. A local attacker with special user privilege can circumvent the verifier, which may lead to a confidentiality problem.
2021-11-12 CVE-2021-20320 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
2021-11-12 CVE-2021-43389 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released.
2021-11-12 CVE-2020-16119 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2021-11-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1429