A new important Linux kernel security update was released for Red Hat Enterprise Linux 7 and CentOS Linux 7 users to address several vulnerabilities and also fix some bugs.
The new kernel security update patches a 7-year-old privilege escalation flaw (CVE-2021-33909) discovered by Qualys Research Labs in the Linux kernel's filesystem layer, which an unprivileged user could exploit by creating, mounting, and then deleting a large directory structure of over 1GB in size.
It also patches two use-after-free vulnerabilities (CVE-2021-33033 and CVE-2021-33034) discovered in the Linux kernel's CIPSO network packet labeling protocol functionality and Bluetooth HCI driver respectively, which could allow a local attacker to crash the system, execute arbitrary code, or escalate their privileges on the system.
Another security vulnerability patched in this new kernel update, which the Red Hat Product Security team rated as having an Important security impact, is CVE-2019-20934, a flaw in the Linux kernel's implementation of displaying NUMA statistics. It could trigger a use-after-free in the show_numa_stats() function of the Fair scheduler, which a local attacker could exploit to crash the system, causing a denial of service.
“As the NUMA features are built-in and enabled by default, the NUMA functionality can be disabled at boot time by providing the kernel parameter, numa=off,” reads the security advisory. “Disabling this feature may have significant performance impacts and the administrator should consider if the performance penalty is a problem.”
The last flaw patched in this kernel update for Red Hat Enterprise Linux 7 and CentOS Linux 7 systems is CVE-2020-11668, a NULL pointer dereference discovered in the Linux kernel's Xirlink camera USB driver that could allow a local attacker with user privileges to crash the system or leak kernel-internal information.
This kernel update also fixes numerous bugs, and it is recommended for all users of the Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux for IBM z Systems 7, Red Hat Enterprise Linux for Power, big endian 7, Red Hat Enterprise Linux for Power, little endian 7, Red Hat Enterprise Linux for Scientific Computing 7, Red Hat Virtualization Host 4 for RHEL 7, and CentOS Linux 7 operating systems.
Please consider updating your installations as soon as possible to the new kernel versions, which are already available in the stable software repositories, and remember to reboot your machines after successfully installing the new kernel for your architecture. More details are available in the security advisory published by Red Hat.
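As an added example (not part of the article and not a Red Hat tool), the following POSIX shell script shows how an administrator can check a RHEL 7 or CentOS 7 host against the three points above: whether the running kernel's RPM changelog mentions the CVEs listed in the article, whether a newer kernel is installed but the reboot has not happened yet, and whether the numa=off workaround quoted from the advisory is in effect. It assumes that Red Hat kernel packages list fixed CVEs in their RPM changelog (they do) and that GNU `sort -V` is available; the check functions take their input as arguments so they can be exercised against constructed data without touching the host.

```shell
#!/bin/sh
# Added example, not from the article or from Red Hat: post-update checks for
# a RHEL/CentOS 7 kernel. Functions take their data as arguments; the --live
# section at the bottom feeds them real values from rpm, uname and /proc.

# CVEs named in the article.
ARTICLE_CVES="CVE-2021-33909 CVE-2021-33033 CVE-2021-33034 CVE-2019-20934 CVE-2020-11668"

# cves_missing CHANGELOG_TEXT
# Prints the CVEs from ARTICLE_CVES that do not appear in the given RPM
# changelog text (Red Hat lists fixed CVEs in the kernel package changelog).
cves_missing() {
    changelog="$1"
    missing=""
    for cve in $ARTICLE_CVES; do
        case "$changelog" in
            *"$cve"*) ;;                      # fixed in this kernel build
            *) missing="$missing $cve" ;;     # not mentioned: still unpatched
        esac
    done
    echo "${missing# }"
}

# reboot_pending RUNNING_KERNEL NEWEST_INSTALLED_KERNEL
# Succeeds (0) when the newest installed kernel is not the one running,
# i.e. the update is installed but the machine has not been rebooted.
reboot_pending() {
    [ "$1" != "$2" ]
}

# numa_off KERNEL_CMDLINE
# Succeeds (0) when the numa=off workaround from the advisory is present.
numa_off() {
    case " $1 " in
        *" numa=off "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live checks; only meaningful on an RPM-based host, so they are guarded
# behind --live to keep the functions above sourceable for testing.
if [ "${1:-}" = "--live" ]; then
    running=$(uname -r)
    # Newest installed kernel package in version order (GNU sort -V assumed).
    latest=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' | sort -V | tail -n 1)
    changelog=$(rpm -q --changelog "kernel-$running")
    echo "running kernel:   $running"
    echo "newest installed: $latest"
    if reboot_pending "$running" "$latest"; then
        echo "reboot needed to load $latest"
    fi
    missing=$(cves_missing "$changelog")
    if [ -z "$missing" ]; then
        echo "all CVEs from the article are listed in the running kernel's changelog"
    else
        echo "not listed in the running kernel's changelog: $missing"
    fi
    if numa_off "$(cat /proc/cmdline)"; then
        echo "numa=off workaround active (expect a performance penalty)"
    else
        echo "NUMA enabled (default)"
    fi
fi
```

Run it as `sh check-kernel.sh --live` on the host; a non-empty "not listed" line means the kernel currently running predates the fix for that CVE, and a "reboot needed" line means the patched kernel is installed but not yet loaded, which is exactly the state the article warns about when it asks readers to reboot after installing.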