An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1324 Final 1.0 1.0 2021-08-28 Initial 2021-08-28 2021-08-28 openEuler SA Tool V1.0 2021-08-28 kernel security update An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. The Linux Kernel, the operating system core itself. Security Fix(es): In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.(CVE-2021-34556) In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.(CVE-2021-35477) An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11(CVE-2021-21781) In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size.(CVE-2021-38160) An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1324 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-34556 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-35477 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-21781 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-38160 https://nvd.nist.gov/vuln/detail/CVE-2021-34556 https://nvd.nist.gov/vuln/detail/CVE-2021-35477 https://nvd.nist.gov/vuln/detail/CVE-2021-21781 https://nvd.nist.gov/vuln/detail/CVE-2021-38160 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 kernel-debugsource-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-tools-4.19.90-2108.8.0.0106.oe1.aarch64.rpm python2-perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm bpftool-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-devel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-source-4.19.90-2108.8.0.0106.oe1.aarch64.rpm python3-perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-debugsource-4.19.90-2108.8.0.0106.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-devel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-tools-4.19.90-2108.8.0.0106.oe1.aarch64.rpm bpftool-4.19.90-2108.8.0.0106.oe1.aarch64.rpm perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-source-4.19.90-2108.8.0.0106.oe1.aarch64.rpm python3-perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm python2-perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm kernel-4.19.90-2108.8.0.0106.oe1.src.rpm kernel-4.19.90-2108.8.0.0106.oe1.src.rpm python2-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm python3-perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-source-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-debugsource-4.19.90-2108.8.0.0106.oe1.x86_64.rpm python2-perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-devel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm bpftool-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-tools-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-devel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-source-4.19.90-2108.8.0.0106.oe1.x86_64.rpm python2-perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm python3-perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-debugsource-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm kernel-tools-4.19.90-2108.8.0.0106.oe1.x86_64.rpm perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm bpftool-4.19.90-2108.8.0.0106.oe1.x86_64.rpm In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. 2021-08-28 CVE-2021-34556 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 4.2 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2021-08-28 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1324 In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. 2021-08-28 CVE-2021-35477 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2021-08-28 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1324 An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 2021-08-28 CVE-2021-21781 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N kernel security update 2021-08-28 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1324 In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. 2021-08-28 CVE-2021-38160 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2021-08-28 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1324