USN-4979-1: Linux kernel vulnerabilities


Severity

Medium

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 16.04

Description

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673)

It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate SSID lengths in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-28660)

Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964)

Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records for some Intel Haswell processors. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-28971)

It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972)

It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-29647)

Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916)

It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use-after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)

Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483)

CVEs contained in this USN include: CVE-2021-28660, CVE-2021-28964, CVE-2020-25672, CVE-2021-28972, CVE-2021-29647, CVE-2021-3483, CVE-2021-28971, CVE-2020-25670, CVE-2021-31916, CVE-2020-25671, CVE-2020-25673, CVE-2021-3428, CVE-2021-33033

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Isolation Segment
    • 2.7.x versions with Xenial Stemcells prior to 456.165
    • 2.8.x versions with Xenial Stemcells prior to 621.130
    • 2.9.x versions with Xenial Stemcells prior to 621.130
    • 2.10.x versions with Xenial Stemcells prior to 621.130
    • 2.11.x versions with Xenial Stemcells prior to 621.130
  • Operations Manager
    • 2.9.x versions prior to 2.9.20
    • 2.10.x versions prior to 2.10.13
  • VMware Tanzu Application Service for VMs
    • 2.7.x versions with Xenial Stemcells prior to 456.165
    • 2.8.x versions with Xenial Stemcells prior to 621.130
    • 2.9.x versions with Xenial Stemcells prior to 621.130
    • 2.10.x versions with Xenial Stemcells prior to 621.130
    • 2.11.x versions with Xenial Stemcells prior to 621.130
    • 2.12.x versions with Xenial Stemcells prior to 621.130

Mitigation

Users of affected products are strongly encouraged to follow the mitigation below. On the Tanzu Network product page for each release, check the Depends On section and/or Release Notes for this information. Releases that have fixed this issue include:

  • Isolation Segment
    • 2.7.x: Upgrade Xenial Stemcells to 456.165 or greater
    • 2.8.x: Upgrade Xenial Stemcells to 621.130 or greater
    • 2.9.x: Upgrade Xenial Stemcells to 621.130 or greater
    • 2.10.x: Upgrade Xenial Stemcells to 621.130 or greater
    • 2.11.x: Upgrade Xenial Stemcells to 621.130 or greater
  • Operations Manager
    • 2.9.20
    • 2.10.13
  • VMware Tanzu Application Service for VMs
    • 2.7.x: Upgrade Xenial Stemcells to 456.165 or greater
    • 2.8.x: Upgrade Xenial Stemcells to 621.130 or greater
    • 2.9.x: Upgrade Xenial Stemcells to 621.130 or greater
    • 2.10.x: Upgrade Xenial Stemcells to 621.130 or greater
    • 2.11.x: Upgrade Xenial Stemcells to 621.130 or greater
    • 2.12.x: Upgrade Xenial Stemcells to 621.130 or greater

History

2021-12-08: Initial vulnerability report published.