Rapid7 Vulnerability & Exploit Database

Amazon Linux AMI 2: CVE-2021-47541: Security patch for kernel (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Amazon Linux AMI 2: CVE-2021-47541: Security patch for kernel (Multiple Advisories)

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/24/2024

Created

07/09/2024

Added

07/09/2024

Modified

07/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called and tmp->tx_cq will be freed on the error path of mlx4_en_copy_priv(). After that mlx4_en_alloc_resources() is called and there is a dereference of &tmp->tx_cq[t][i] in mlx4_en_alloc_resources(), which could lead to a use after free problem on failure of mlx4_en_copy_priv(). Fix this bug by adding a check of mlx4_en_copy_priv() This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. Builds with CONFIG_MLX4_EN=m show no new warnings, and our static analyzer no longer warns about this code.

Solution(s)

amazon-linux-ami-2-upgrade-bpftool
amazon-linux-ami-2-upgrade-bpftool-debuginfo
amazon-linux-ami-2-upgrade-kernel
amazon-linux-ami-2-upgrade-kernel-debuginfo
amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64
amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64
amazon-linux-ami-2-upgrade-kernel-devel
amazon-linux-ami-2-upgrade-kernel-headers
amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-262-200-489
amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-93-87-444
amazon-linux-ami-2-upgrade-kernel-tools
amazon-linux-ami-2-upgrade-kernel-tools-debuginfo
amazon-linux-ami-2-upgrade-kernel-tools-devel
amazon-linux-ami-2-upgrade-perf
amazon-linux-ami-2-upgrade-perf-debuginfo
amazon-linux-ami-2-upgrade-python-perf
amazon-linux-ami-2-upgrade-python-perf-debuginfo

References

https://attackerkb.com/topics/cve-2021-47541
AL2/ALAS-2022-1749
AL2/ALASKERNEL-5.10-2022-009
AL2/ALASKERNEL-5.4-2022-021
CVE - 2021-47541

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Amazon Linux AMI 2: CVE-2021-47541: Security patch for kernel (Multiple Advisories)

Amazon Linux AMI 2: CVE-2021-47541: Security patch for kernel (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.