{"id":"OESA-2021-1475","summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.(CVE-2021-4002)\r\n\r\nIn unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel(CVE-2021-0920)\r\n\r\nA vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.(CVE-2021-4037)\r\n\r\nA race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.(CVE-2021-20321)\r\n\r\nIn __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel(CVE-2021-39656)\r\n\r\nIn gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel(CVE-2021-39648)\r\n\r\nThe issue reported to the Linux security team allowed one to read and/or write up to 65kB of kernel memory past buffer boundaries by exploiting lack of limiting of the usb control transfer request wLength in certain gadget functions.(CVE-2021-39685)\r\n\r\npep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.(CVE-2021-45095)\r\n\r\nA vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.(CVE-2021-4149)\n\nIn the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)","modified":"2026-03-11T06:04:00.839225Z","published":"2021-12-31T11:03:26Z","upstream":["CVE-2020-25211","CVE-2021-0920","CVE-2021-20321","CVE-2021-39648","CVE-2021-39656","CVE-2021-39685","CVE-2021-4002","CVE-2021-4037","CVE-2021-4149","CVE-2021-45095"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1475"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4002"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0920"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4037"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20321"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39656"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39648"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39685"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45095"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4149"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25211"}],"affected":[{"package":{"name":"kernel","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2112.6.0.0130.oe1"}]}],"ecosystem_specific":{"x86_64":["kernel-tools-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","python2-perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","kernel-tools-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","kernel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","kernel-source-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","python3-perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","perf-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","bpftool-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2112.6.0.0130.oe1.x86_64.rpm","kernel-devel-4.19.90-2112.6.0.0130.oe1.x86_64.rpm"],"src":["kernel-4.19.90-2112.6.0.0130.oe1.src.rpm"],"aarch64":["kernel-debugsource-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","python3-perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","kernel-source-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","kernel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","kernel-devel-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","kernel-tools-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","python2-perf-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2112.6.0.0130.oe1.aarch64.rpm","bpftool-4.19.90-2112.6.0.0130.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1475.json"}},{"package":{"name":"kernel","ecosystem":"openEuler:20.03-LTS-SP2","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2112.6.0.0129.oe1"}]}],"ecosystem_specific":{"x86_64":["kernel-debugsource-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","kernel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","python2-perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","bpftool-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","python3-perf-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","kernel-tools-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","kernel-devel-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2112.6.0.0129.oe1.x86_64.rpm","kernel-source-4.19.90-2112.6.0.0129.oe1.x86_64.rpm"],"src":["kernel-4.19.90-2112.6.0.0129.oe1.src.rpm"],"aarch64":["kernel-tools-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","kernel-source-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","kernel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","kernel-devel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","bpftool-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","kernel-tools-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","python2-perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm","python3-perf-4.19.90-2112.6.0.0129.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1475.json"}}],"schema_version":"1.7.5"}