ALAS2LIVEPATCH-2021-073

Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2021-073
Advisory Released Date: 2021-12-18
Advisory Updated Date: 2025-04-23

Severity: Important

References: CVE-2021-4002 CVE-2021-43267
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)

A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system. (CVE-2021-43267)

Affected Packages:

kernel-livepatch-5.10.68-62.173

Issue Correction:
Run yum update kernel-livepatch-5.10.68-62.173 to update your system.

New Packages:

src:
    kernel-livepatch-5.10.68-62.173-1.0-3.amzn2.src

x86_64:
    kernel-livepatch-5.10.68-62.173-1.0-3.amzn2.x86_64
    kernel-livepatch-5.10.68-62.173-debuginfo-1.0-3.amzn2.x86_64

Changelog:

2025-04-23: CVE-2021-4002 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2021-4002, CVE-2021-43267

Mitre: CVE-2021-4002, CVE-2021-43267