Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2022:0022

Issued: 2022-04-12
Updated: 2022-04-12

Summary

cloud-kernel bugfix, enhancement and security update

Severity

Important

Description

Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:

CVE-2022-1016:
CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM

CVE-2022-27666:
CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code

CVE-2021-3743:
CVE-2021-3743 kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c

CVE-2021-45868:
CVE-2021-45868 kernel: fs/quota/quota_tree.c does not validate the block number in the quota tree

CVE-2021-4002:
CVE-2021-4002 kernel: possible leak or corruption of data residing on hugetlbfs

CVE-2020-36516:
CVE-2020-36516 kernel: an off-path attacker may inject data or terminate a victim's TCP session

CVE-2021-44879:
CVE-2021-44879 kernel: NULL pointer dereference in folio_mark_dirty() via a crafted f2fs image

CVE-2022-24448:
CVE-2022-24448 kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR

CVE-2021-4135:
CVE-2021-4135 kernel: Heap information leak in map_lookup_elem function

References

Updated Packages