RLSA-2021:3548

Published: 15 Sep 2021
Source: rocky
Severity: Moderate

Description

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Rocky Linux8.4 Nightly[0308] - HST:STC950:Fleetwood: LPAR crashed during LPM: BUG at lib/locks.c:34! (using ibmvfc) (BZ#1969792)

  • Rocky Linux8.2 - s390/vtime: fix increased steal time accounting (BZ#1988386)

  • [FJ8.4 Bug]: Installation of Rocky Linux8.4 hang up on a Tatlow platform while loading intel_lpss_pci module. (BZ#1989560)

  • kernel panic in drm_fb_helper_dirty_work() caused by a race condition qxl driver (BZ#1992839)

  • [Rocky Linux8.4] TIOCGSERIAL ioctl fails on serial device (BZ#1993872)

  • Rocky Linux8.4 Nightly[0208] - kernel panic when executing test case for persistent device configuration (using DASD) (BZ#1995206)

  • Killing ceph daemon leaving an unhealthy ocs/ocp cluster (worker node/s NotReady) (BZ#1995862)

  • ceph: potential data corruption in cephfs write_begin codepath (BZ#1996680)

  • libceph: allow addrvecs with a single NONE/blank address (BZ#1996682)

  • [iavf] traffic stops after host sets vf trust on (BZ#1997536)

  • [ice][iavf] hit some call trace and system panic when create-remove-vfs in loop (BZ#1997538)

  • Missing backport of IMA boot aggregate calculation in Rocky Linux 8.4 kernel (BZ#1997766)

  • XArray tests broken for single processor (BZ#1997997)

  • [Rocky Linux-8.4] mlock() end up returning -EINVAL instead of -ENOMEM in rewriting the upper address bits. (BZ#1997998)

  • Kernel panic at n_tty_set_termios+0x30 (BZ#1997999)

  • [ice]BUG: scheduling while atomic: ifenslave/270215/0x00000200 (BZ#2000129)

  • [ice]port lost connectivity after removing from bonding (BZ#2000130)

Enhancement(s):

  • [Mellanox 8.5 FEAT] mlx5: drivers update upto Linux v5.12 (BZ#1983681)

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| bpftool | x86_64 | 305.19.1.el8_4 | bpftool-4.18.0-305.19.1.el8_4.x86_64.rpm |
| kernel | x86_64 | 305.19.1.el8_4 | kernel-4.18.0-305.19.1.el8_4.x86_64.rpm |
| kernel-abi-stablelists | noarch | 305.19.1.el8_4 | kernel-abi-stablelists-4.18.0-305.19.1.el8_4.noarch.rpm |
| kernel-core | x86_64 | 305.19.1.el8_4 | kernel-core-4.18.0-305.19.1.el8_4.x86_64.rpm |
| kernel-cross-headers | x86_64 | 305.19.1.el8_4 | kernel-cross-headers-4.18.0-305.19.1.el8_4.x86_64.rpm |
| kernel-debug | x86_64 | 305.19.1.el8_4 | kernel-debug-4.18.0-305.19.1.el8_4.x86_64.rpm |
| kernel-debug-core | x86_64 | 305.19.1.el8_4 | kernel-debug-core-4.18.0-305.19.1.el8_4.x86_64.rpm |
| kernel-debug-devel | x86_64 | 305.19.1.el8_4 | kernel-debug-devel-4.18.0-305.19.1.el8_4.x86_64.rpm |
| kernel-debuginfo-common-x86_64 | x86_64 | 305.19.1.el8_4 | kernel-debuginfo-common-x86_64-4.18.0-305.19.1.el8_4.x86_64.rpm |

Related vulnerabilities

CVSS3: 8.8
ubuntu
more than 4 years ago

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.

CVSS3: 8.8
redhat
more than 4 years ago

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.

CVSS3: 8.8
nvd
more than 4 years ago

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.

CVSS3: 8.8
msrc
more than 4 years ago

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.

CVSS3: 8.8
debian
more than 4 years ago

A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...