ALAS2-2021-1696

Amazon Linux 2 Security Advisory: ALAS2-2021-1696
Advisory Released Date: 2021-08-05
Advisory Updated Date: 2025-05-19

Severity: Important

References: CVE-2021-34556 CVE-2021-35477 CVE-2021-3655 CVE-2021-47301 CVE-2021-47305 CVE-2021-47308 CVE-2021-47309 CVE-2021-47311 CVE-2021-47319 CVE-2021-47320 CVE-2021-47340 CVE-2021-47343 CVE-2021-47345 CVE-2021-47353 CVE-2023-28772
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highest threat from this vulnerability is to confidentiality. (CVE-2021-34556)

A flaw in the Linux kernel allows a privileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel in the eBPF subsystem (CVE-2021-35477)

A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)

In the Linux kernel, the following vulnerability has been resolved:

igb: Fix use-after-free error during reset (CVE-2021-47301)

In the Linux kernel, the following vulnerability has been resolved:

dma-buf/sync_file: Don't leak fences on merge failure (CVE-2021-47305)

In the Linux kernel, the following vulnerability has been resolved:

scsi: libfc: Fix array index out of bound exception (CVE-2021-47308)

In the Linux kernel, the following vulnerability has been resolved:

net: validate lwtstate->data before returning from skb_tunnel_info() (CVE-2021-47309)

In the Linux kernel, the following vulnerability has been resolved:

net: qcom/emac: fix UAF in emac_remove (CVE-2021-47311)

In the Linux kernel, the following vulnerability has been resolved:

virtio-blk: Fix memory leak among suspend/resume procedure (CVE-2021-47319)

In the Linux kernel, the following vulnerability has been resolved:

nfs: fix acl memory leak of posix_acl_create() (CVE-2021-47320)

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix GPF in diFree (CVE-2021-47340)

In the Linux kernel, the following vulnerability has been resolved:

dm btree remove: assign new_root only when removal succeeds (CVE-2021-47343)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/cma: Fix rdma_resolve_route() memory leak (CVE-2021-47345)

In the Linux kernel, the following vulnerability has been resolved:

udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. (CVE-2023-28772)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-4.14.241-184.433.amzn2.aarch64
    kernel-headers-4.14.241-184.433.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.241-184.433.amzn2.aarch64
    perf-4.14.241-184.433.amzn2.aarch64
    perf-debuginfo-4.14.241-184.433.amzn2.aarch64
    python-perf-4.14.241-184.433.amzn2.aarch64
    python-perf-debuginfo-4.14.241-184.433.amzn2.aarch64
    kernel-tools-4.14.241-184.433.amzn2.aarch64
    kernel-tools-devel-4.14.241-184.433.amzn2.aarch64
    kernel-tools-debuginfo-4.14.241-184.433.amzn2.aarch64
    kernel-devel-4.14.241-184.433.amzn2.aarch64
    kernel-debuginfo-4.14.241-184.433.amzn2.aarch64

i686:
    kernel-headers-4.14.241-184.433.amzn2.i686

src:
    kernel-4.14.241-184.433.amzn2.src

x86_64:
    kernel-4.14.241-184.433.amzn2.x86_64
    kernel-headers-4.14.241-184.433.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.241-184.433.amzn2.x86_64
    perf-4.14.241-184.433.amzn2.x86_64
    perf-debuginfo-4.14.241-184.433.amzn2.x86_64
    python-perf-4.14.241-184.433.amzn2.x86_64
    python-perf-debuginfo-4.14.241-184.433.amzn2.x86_64
    kernel-tools-4.14.241-184.433.amzn2.x86_64
    kernel-tools-devel-4.14.241-184.433.amzn2.x86_64
    kernel-tools-debuginfo-4.14.241-184.433.amzn2.x86_64
    kernel-devel-4.14.241-184.433.amzn2.x86_64
    kernel-debuginfo-4.14.241-184.433.amzn2.x86_64
    kernel-livepatch-4.14.241-184.433-1.0-0.amzn2.x86_64

Changelog:

2025-05-19: CVE-2021-47340 was added to this advisory.

2025-05-19: CVE-2021-47353 was added to this advisory.

2025-05-19: CVE-2021-47320 was added to this advisory.

2025-05-19: CVE-2021-47345 was added to this advisory.

2025-05-19: CVE-2021-47305 was added to this advisory.

2025-05-19: CVE-2021-47308 was added to this advisory.

2025-05-19: CVE-2021-47319 was added to this advisory.

2025-05-19: CVE-2021-47343 was added to this advisory.

2025-03-10: CVE-2021-47301 was added to this advisory.

2025-02-26: CVE-2021-47311 was added to this advisory.

2025-02-26: CVE-2021-47309 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2021-34556, CVE-2021-35477, CVE-2021-3655, CVE-2021-47301, CVE-2021-47305, CVE-2021-47308, CVE-2021-47309, CVE-2021-47311, CVE-2021-47319, CVE-2021-47320, CVE-2021-47340, CVE-2021-47343, CVE-2021-47345, CVE-2021-47353, CVE-2023-28772

Mitre: CVE-2021-34556, CVE-2021-35477, CVE-2021-3655, CVE-2021-47301, CVE-2021-47305, CVE-2021-47308, CVE-2021-47309, CVE-2021-47311, CVE-2021-47319, CVE-2021-47320, CVE-2021-47340, CVE-2021-47343, CVE-2021-47345, CVE-2021-47353, CVE-2023-28772