Alibaba Cloud Linux 2.1903 Hotfix Security Advisory: HOTFIX-SA-2021:0021

Issued: 2021-07-23
Updated: 2021-07-23

Summary

kernel-hotfix security update

Severity

High

Description


An out-of-bounds write flaw was found in seq_file in the filesystem layer of the Linux kernel. The flaw allows a local attacker with user privileges to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion before performing operations. This is a type conversion vulnerability in the filesystem layer of the Linux kernel: converting a value between two types can overflow the destination type and create a large negative value.
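The conversion problem described above, shown next to a range-checked form. This is an added example, not code from the advisory or from the kernel; the function names, the 16-byte buffer and the "mnt" string are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; this is not kernel code. */
/* Unchecked: the size_t buffer size is narrowed to int before the offset
 * arithmetic. For size > INT_MAX the result is implementation-defined; on
 * common compilers it wraps to a large negative value. */
static long long end_offset_unchecked(size_t size, size_t name_len)
{
    int buflen = (int)size;                 /* no range check: the flaw */
    return (long long)buflen - (long long)name_len - 1;
}

/* Checked: validate the range before converting. Returns 0 and stores the
 * offset, or -1 if the size is not representable or the name does not fit. */
static int end_offset_checked(size_t size, size_t name_len, size_t *off)
{
    if (size > (size_t)INT_MAX)
        return -1;                          /* would not survive size_t -> int */
    if (name_len >= size)
        return -1;                          /* no room for name plus NUL */
    *off = size - name_len - 1;
    return 0;
}

/* Copies name (with its NUL) to the end of buf using the checked offset. */
static int place_name(char *buf, size_t size, const char *name)
{
    size_t off;
    if (end_offset_checked(size, strlen(name), &off) != 0)
        return -1;
    memcpy(buf + off, name, strlen(name) + 1);
    return (int)off;                        /* safe: off < size <= INT_MAX */
}

int main(void)
{
    char buf[16];                           /* constructed sample buffer */
    size_t huge = (size_t)INT_MAX + 1;      /* constructed oversized length */

    printf("unchecked offset: %lld\n", end_offset_unchecked(huge, 3));
    printf("checked, huge:    %d\n", place_name(buf, huge, "mnt"));
    printf("checked, 16:      %d (%s)\n", place_name(buf, sizeof buf, "mnt"),
           buf + 12);
    return 0;
}
```

The unchecked offset is computed only, never used for a write; the checked path refuses any size above INT_MAX before the value reaches int-typed arithmetic.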

References

Updated Packages