[QSA-0320211] Linux kernel vulnerabilities

Qlustar Security Advisory 0320211

March 20th, 2021

Summary:

The system could crash or be made to run programs as an administrator.

    Package(s)       : linux-image-ql-generic,
                     qlustar-module-core-bionic-amd64-11.0.1,
                     qlustar-module-core-centos7-amd64-11.0.1,
                     qlustar-module-core-centos8-amd64-11.0.1,
                     qlustar-module-core-focal-amd64-12.0.0,
                     qlustar-module-core-centos7-amd64-12.0.0,
                     qlustar-module-core-centos8-amd64-12.0.0
    Qlustar releases : 11.0, 12.0
    Affected versions: All versions prior to this update
    Vulnerability    : privilege escalation/denial of service
    Problem type     : local
    Qlustar-specific : no
    CVE Id(s)        : Not documented
  

A number of vulnerabilities and bugs have been discovered in the 5.4.x Linux kernel series since the last Qlustar 12.0 release based on 5.4.89. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 5.4.89 up to the current Qlustar kernel 5.4.104:

    Linux kernel 5.4.104
    Linux kernel 5.4.103
    Linux kernel 5.4.102
    Linux kernel 5.4.101
    Linux kernel 5.4.100
    Linux kernel 5.4.99
    Linux kernel 5.4.98
    Linux kernel 5.4.97
    Linux kernel 5.4.96
    Linux kernel 5.4.95
    Linux kernel 5.4.94
    Linux kernel 5.4.93
    Linux kernel 5.4.92
    Linux kernel 5.4.91
    Linux kernel 5.4.90
  

A number of vulnerabilities and bugs have been discovered in the 4.19.x Linux kernel series since the last Qlustar 11.0 release based on 4.19.167. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 4.19.167 up to the current Qlustar kernel 4.19.179:

    Linux kernel 4.19.179
    Linux kernel 4.19.178
    Linux kernel 4.19.177
    Linux kernel 4.19.176
    Linux kernel 4.19.175
    Linux kernel 4.19.174
    Linux kernel 4.19.173
    Linux kernel 4.19.172
    Linux kernel 4.19.171
    Linux kernel 4.19.170
    Linux kernel 4.19.169
    Linux kernel 4.19.168
  

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Instructions and on Qlustar 11 also perform the manual steps '7. Migration to GRUB PXE booting' and '11. Adjust root bash shell initialization' as described in the Release Notes if you haven't done so yet):

For Qlustar 12.0

    linux-image-ql-generic                     5.4.104-ql-generic-12.0-7
    qlustar-module-core-focal-amd64-12.0.0     12.0.0.2-b531f1351
    qlustar-module-core-centos7-amd64-12.0.0   12.0.0.2-b531f1351
    qlustar-module-core-centos8-amd64-12.0.0   12.0.0.2-b531f1351
  

For Qlustar 11.0

    linux-image-ql-generic                     4.19.179-ql-generic-11.0-22
    qlustar-module-core-bionic-amd64-11.0.1    11.0.1.6-b533f1350
    qlustar-module-core-centos7-amd64-11.0.1   11.0.1.6-b533f1350
    qlustar-module-core-centos8-amd64-11.0.1   11.0.1.6-b533f1350