{"schema_version":"1.7.2","id":"OESA-2021-1324","modified":"2021-08-28T11:03:09Z","published":"2021-08-28T11:03:09Z","upstream":["CVE-2021-34556","CVE-2021-35477","CVE-2021-21781","CVE-2021-38160"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.(CVE-2021-34556)\r\n\r\nIn the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.(CVE-2021-35477)\r\n\r\nAn information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11(CVE-2021-21781)\r\n\r\nIn drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u0026gt;len value exceeding the buffer size.(CVE-2021-38160)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2108.8.0.0106.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-debugsource-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-tools-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","python2-perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","bpftool-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-devel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-source-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","python3-perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2108.8.0.0106.oe1.src.rpm"],"x86_64":["python2-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","python3-perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-source-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","python2-perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-devel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","bpftool-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-tools-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2108.8.0.0106.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-debugsource-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-devel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-tools-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","bpftool-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-source-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","python3-perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","python2-perf-4.19.90-2108.8.0.0106.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2108.8.0.0106.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2108.8.0.0106.oe1.src.rpm"],"x86_64":["kernel-devel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-source-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","python2-perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","python3-perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","kernel-tools-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","perf-4.19.90-2108.8.0.0106.oe1.x86_64.rpm","bpftool-4.19.90-2108.8.0.0106.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1324"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-34556"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35477"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21781"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38160"}],"database_specific":{"severity":"High"}}