August 20, 2021 - TuxCare PR Team
As you may have seen, TuxCare’s Live Patching service, KernelCare Enterprise, now supports Rocky Linux. The first 5 CVEs fixed are already being delivered through the service. So let’s take a deeper look at these in this article.
The kernel shipping with Rocky Linux, like those of other distributions, was found to be vulnerable to CVE-2020-26541, CVE-2021-22555, CVE-2021-32399, CVE-2021-33034, and CVE-2021-33909.
The first, CVE-2020-26541, is a flaw in how the Secure Boot Forbidden Signature Database (dbx) is enforced. Signatures on this list should not be accepted as valid when added to the Secure Boot store, but the code that checks the list ignores signatures with a specific EFI_CERT_X509_GUID attribute. According to Red Hat's analysis of the issue, it can lead to a breach in system integrity, confidentiality, and potentially a denial of service. For those interested in checking, the affected code lies in certs/blacklist.c and certs/system_keyring.c.
CVE-2021-22555 refers to an out-of-bounds heap write in a code path in net/netfilter/x_tables.c which, in specific system configurations, can lead to privilege elevation or memory corruption. The kernel has to include specific options (CONFIG_USER_NS and CONFIG_NET_NS) for the flaw to be exploitable.
For systems where Bluetooth is used, CVE-2021-32399 identifies a race condition during Host Controller Interface (HCI) removal that can corrupt memory and, for a properly motivated attacker, result in privilege escalation. Servers will usually have Bluetooth modules blacklisted, but if they don’t, then these can be affected by this issue.
Also in the Bluetooth subsystem, a use-after-free flaw was found in hci_send_acl that could be exploited to cause a denial of service on the affected system. This issue was assigned CVE-2021-33034.
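To see whether a host meets the preconditions described above (both kernel options for CVE-2021-22555, a loadable Bluetooth module for the two HCI issues), a check along these lines can be used. This is an added example, not TuxCare or KernelCare code; the function names and output words are assumptions.

```shell
#!/bin/sh
# Added example; function names and output words are assumptions, not TuxCare's.

# Print the kernel build config from the first readable location.
kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    else
        return 1
    fi
}

# config_enabled FILE OPTION: true only for "OPTION=y", not "# OPTION is not set".
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# CVE-2021-22555 needs both options built in, per the article.
x_tables_precondition() {
    if config_enabled "$1" CONFIG_USER_NS && config_enabled "$1" CONFIG_NET_NS; then
        echo "present"
    else
        echo "absent"
    fi
}

# module_policy DIR MODULE: how the *.conf files in DIR treat MODULE.
#   disabled    "install MODULE /bin/false": load requests fail
#   blacklisted "blacklist MODULE": no alias autoload, explicit modprobe still works
#   loadable    no restriction found
module_policy() {
    if cat "$1"/*.conf 2>/dev/null |
        grep -Eq "^[[:space:]]*install[[:space:]]+$2[[:space:]]+/(usr/)?bin/(false|true)"; then
        echo "disabled"
    elif cat "$1"/*.conf 2>/dev/null |
        grep -Eq "^[[:space:]]*blacklist[[:space:]]+$2([[:space:]]|\$)"; then
        echo "blacklisted"
    else
        echo "loadable"
    fi
}

# Report on the running host when invoked as: sh check.sh report
if [ "${1:-}" = "report" ]; then
    cfg=$(mktemp) && kernel_config > "$cfg" && x_tables_precondition "$cfg"; rm -f "$cfg"
    module_policy /etc/modprobe.d bluetooth
fi
```

modprobe also reads configuration from directories such as /lib/modprobe.d and /run/modprobe.d, so `module_policy` should be run against each directory in use on the host.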
CVE-2021-33909, otherwise known under the more flamboyant name “Sequoia”, is a vulnerability that affects all Linux distributions, including Rocky Linux. We have covered it before. It is basically a flaw in the way a conversion is made on the file path length of a specially crafted, very deep directory path. When such a path (whose total length must exceed 1GB; note that this is the length of the directory names themselves, not the storage space the directories use) is then operated upon with specific commands, it is possible to corrupt memory in a predictable location. This can change memory in such a way as to allow an escalation of privilege. While it requires a complex set of operations to perform, exploit code has been found available online.
TuxCare’s KernelCare Enterprise Team will continue to deliver thoroughly tested patches in a timely manner for all supported distributions, including the newly added Rocky Linux.