ALAS2LIVEPATCH-2021-051

Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2021-051
Advisory Released Date: 2021-07-12
Advisory Updated Date: 2021-07-12

Severity: Important

References: CVE-2021-33034
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. (CVE-2021-33034)

Affected Packages:

kernel-livepatch-4.14.225-169.362

Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.225-169.362 to update your system.

New Packages:

src:
    kernel-livepatch-4.14.225-169.362-1.0-2.amzn2.src

x86_64:
    kernel-livepatch-4.14.225-169.362-1.0-2.amzn2.x86_64
    kernel-livepatch-4.14.225-169.362-debuginfo-1.0-2.amzn2.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2021-33034

Mitre: CVE-2021-33034