Alma Linux: CVE-2021-47383: Important: kernel security update (Multiple Advisories)

Alma Linux: CVE-2021-47383: Important: kernel security update (Multiple Advisories)

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/21/2024

Created

09/27/2024

Added

09/26/2024

Modified

11/04/2024

Description

In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and bits_per_pixel with values. If this struct is the same as the previous ioctl, the vc_resize() detects it and doesn't call the resize_screen(), leaving the fb_var_screeninfo incomplete. And this leads to the updatescrollmode() calculates a wrong value to fbcon_display->vrows, which makes the real_y() return a wrong value of y, and that value, eventually, causes the imageblit to access an out-of-bound address value. To solve this issue I made the resize_screen() be called even if the screen does not need any resizing, so it will "fix and fill" the fb_var_screeninfo independently.

Solution(s)

• alma-upgrade-bpftool
• alma-upgrade-kernel
• alma-upgrade-kernel-64k
• alma-upgrade-kernel-64k-core
• alma-upgrade-kernel-64k-debug
• alma-upgrade-kernel-64k-debug-core
• alma-upgrade-kernel-64k-debug-devel
• alma-upgrade-kernel-64k-debug-devel-matched
• alma-upgrade-kernel-64k-debug-modules
• alma-upgrade-kernel-64k-debug-modules-core
• alma-upgrade-kernel-64k-debug-modules-extra
• alma-upgrade-kernel-64k-devel
• alma-upgrade-kernel-64k-devel-matched
• alma-upgrade-kernel-64k-modules
• alma-upgrade-kernel-64k-modules-core
• alma-upgrade-kernel-64k-modules-extra
• alma-upgrade-kernel-abi-stablelists
• alma-upgrade-kernel-core
• alma-upgrade-kernel-cross-headers
• alma-upgrade-kernel-debug
• alma-upgrade-kernel-debug-core
• alma-upgrade-kernel-debug-devel
• alma-upgrade-kernel-debug-devel-matched
• alma-upgrade-kernel-debug-modules
• alma-upgrade-kernel-debug-modules-core
• alma-upgrade-kernel-debug-modules-extra
• alma-upgrade-kernel-debug-uki-virt
• alma-upgrade-kernel-devel
• alma-upgrade-kernel-devel-matched
• alma-upgrade-kernel-doc
• alma-upgrade-kernel-headers
• alma-upgrade-kernel-modules
• alma-upgrade-kernel-modules-core
• alma-upgrade-kernel-modules-extra
• alma-upgrade-kernel-rt
• alma-upgrade-kernel-rt-core
• alma-upgrade-kernel-rt-debug
• alma-upgrade-kernel-rt-debug-core
• alma-upgrade-kernel-rt-debug-devel
• alma-upgrade-kernel-rt-debug-kvm
• alma-upgrade-kernel-rt-debug-modules
• alma-upgrade-kernel-rt-debug-modules-core
• alma-upgrade-kernel-rt-debug-modules-extra
• alma-upgrade-kernel-rt-devel
• alma-upgrade-kernel-rt-kvm
• alma-upgrade-kernel-rt-modules
• alma-upgrade-kernel-rt-modules-core
• alma-upgrade-kernel-rt-modules-extra
• alma-upgrade-kernel-tools
• alma-upgrade-kernel-tools-libs
• alma-upgrade-kernel-tools-libs-devel
• alma-upgrade-kernel-uki-virt
• alma-upgrade-kernel-zfcpdump
• alma-upgrade-kernel-zfcpdump-core
• alma-upgrade-kernel-zfcpdump-devel
• alma-upgrade-kernel-zfcpdump-devel-matched
• alma-upgrade-kernel-zfcpdump-modules
• alma-upgrade-kernel-zfcpdump-modules-core
• alma-upgrade-kernel-zfcpdump-modules-extra
• alma-upgrade-libperf
• alma-upgrade-perf
• alma-upgrade-python3-perf
• alma-upgrade-rtla
• alma-upgrade-rv

References

• https://attackerkb.com/topics/cve-2021-47383
• CVE - 2021-47383
• https://errata.almalinux.org/8/ALSA-2024-7000.html
• https://errata.almalinux.org/8/ALSA-2024-7001.html
• https://errata.almalinux.org/9/ALSA-2024-8617.html