ID

VAR-202105-0904

CVE

CVE-2021-3501

TITLE

Linux Kernel  Out-of-bounds Vulnerability in Microsoft

DESCRIPTION

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. Linux Kernel Is vulnerable to an out-of-bounds write.Information is tampered with and denial of service (DoS) It may be put into a state. KVM is one of the kernel-based virtual machines. This vulnerability could result in an out-of-bounds write. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization Host security update [ovirt-4.4.6] Advisory ID: RHSA-2021:2522-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:2522 Issue date: 2021-06-22 CVE Names: CVE-2020-24489 CVE-2021-3501 CVE-2021-3560 CVE-2021-27219 ===================================================================== 1. Summary: An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219) * kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501) * polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() (CVE-2021-3560) * hw: vt-d related privilege escalation (CVE-2020-24489) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, systemtap dependencies were not included in the RHV-H channel. Therefore, systemtap could not be installed. In this release, the systemtap dependencies have been included in the channel, resolving the issue. (BZ#1903997) 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1903997 - Provide systemtap dependencies within RHV-H channel 1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits 1950136 - CVE-2021-3501 kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run 1961710 - CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: redhat-virtualization-host-4.4.6-20210615.0.el8_4.src.rpm x86_64: redhat-virtualization-host-image-update-4.4.6-20210615.0.el8_4.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.4.6-2.el8ev.src.rpm noarch: redhat-virtualization-host-image-update-placeholder-4.4.6-2.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.6-2.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2021-3501 https://access.redhat.com/security/cve/CVE-2021-3560 https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYNH6EtzjgjWX9erEAQg8rBAApw3Jn/EPQosAw8RDA053A4aCxO2gHC15 HK1kJ2gSn73kahmvvl3ZAFQW3Wa/OKZRFnbOKZPcJvKeVKnmeHdjmX6V/wNC/bAO i2bc69+GYd+mj3+ngKmTyFFVSsgDWCfFv6lwMl74d0dXYauCfMTiMD/K/06zaQ3b arTdExk9VynIcr19ggOfhGWAe5qX8ZXfPHwRAmDBNZCUjzWm+c+O+gQQiy/wWzMB 6vbtEqKeXfT1XgxjdQO5xfQ4Fvd8ssKXwOjdymCsEoejplVFmO3reBrl+y95P3p9 BCKR6/cWKzhaAXfS8jOlZJvxA0TyxK5+HOP8pGWGfxBixXVbaFR4E/+rnA1E04jp lGXvby0yq1Q3u4/dYKPn7oai1H7b7TOaCKrmTMy3Nwd5mKiT+CqYk2Va0r2+Cy/2 jH6CeaSKJIBFviUalmc7ZbdPR1zfa1LEujaYp8aCez8pNF0Mopf5ThlCwlZdEdxG aTK1VPajNj2i8oveRPgNAzIu7tMh5Cibyo92nkfjhV9ube7WLg4fBKbX/ZfCBS9y osA4oRWUFbJYnHK6Fbr1X3mIYIq0s2y0MO2QZWj8hvzMT+BcQy5byreU4Y6o8ikl hXz6yl7Cu6X7wm32QZNZMWbUwJfksJRBR+dfkhDcGV0/zQpMZpwHDXs06kal9vsY DRQj4fNuEQo= =bDgd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.4.z0 source tree (BZ#1957489) 4. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944667) * Selinux: The task calling security_set_bools() deadlocks with itself when it later calls selinux_audit_rule_match(). (BZ#1945123) * [mlx5] tc flower mpls match options does not work (BZ#1952061) * mlx5: missing patches for ct.rel (BZ#1952062) * CT HWOL: with OVN/OVS, intermittently, load balancer hairpin TCP packets get dropped for seconds in a row (BZ#1952065) * [Lenovo 8.3 bug] Blackscreen after clicking on "Settings" icon from top-right corner. (BZ#1952900) * RHEL 8.x missing uio upstream fix. (BZ#1952952) * Turbostat doesn't show any measured data on AMD Milan (BZ#1952987) * P620 no sound from front headset jack (BZ#1954545) * RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1955188) * [net/sched] connection failed with DNAT + SNAT by tc action ct (BZ#1956458) 4. ========================================================================== Ubuntu Security Notice USN-4977-1 June 02, 2021 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673) Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out of bounds speculation on pointer arithmetic. A local attacker could use this to expose sensitive information. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3501) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: linux-image-5.11.0-1006-azure 5.11.0-1006.6 linux-image-5.11.0-1007-oracle 5.11.0-1007.7 linux-image-5.11.0-1008-aws 5.11.0-1008.8 linux-image-5.11.0-1008-gcp 5.11.0-1008.9 linux-image-5.11.0-1008-kvm 5.11.0-1008.8 linux-image-5.11.0-18-generic 5.11.0-18.19 linux-image-5.11.0-18-generic-64k 5.11.0-18.19 linux-image-5.11.0-18-generic-lpae 5.11.0-18.19 linux-image-5.11.0-18-lowlatency 5.11.0-18.19 linux-image-aws 5.11.0.1008.8 linux-image-azure 5.11.0.1006.6 linux-image-gcp 5.11.0.1008.8 linux-image-generic 5.11.0.18.19 linux-image-generic-64k 5.11.0.18.19 linux-image-generic-lpae 5.11.0.18.19 linux-image-gke 5.11.0.1008.8 linux-image-kvm 5.11.0.1008.8 linux-image-lowlatency 5.11.0.18.19 linux-image-oracle 5.11.0.1007.7 linux-image-virtual 5.11.0.18.19 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

buffer error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-11-28T22:13:58.053000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE