Incorrect Check of Function Return Value Affecting kernel package, versions <0:4.14.238-182.421.amzn2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-KERNEL-7246784
- published 12 Jun 2024
- disclosed 28 Feb 2024
Introduced: 28 Feb 2024
CVE-2021-47006 Open this link in a new tabHow to fix?
Upgrade Amazon-Linux:2 kernel to version 0:4.14.238-182.421.amzn2 or higher.
This issue was patched in ALAS2-2021-1685.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel package and not the kernel package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
The commit 1879445dfa7b ("perf/core: Set event's default ::overflow_handler()") set a default event->overflow_handler in perf_event_alloc(), and replace the check event->overflow_handler with is_default_overflow_handler(), but one is missing.
Currently, the bp->overflow_handler can not be NULL. As a result, enable_single_step() is always not invoked.
Comments from Zhen Lei:
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47006
- https://git.kernel.org/stable/c/3ed8832aeaa9a37b0fc386bb72ff604352567c80
- https://git.kernel.org/stable/c/555a70f7fff03bd669123487905c47ae27dbdaac
- https://git.kernel.org/stable/c/630146203108bf6b8934eec0dfdb3e46dcb917de
- https://git.kernel.org/stable/c/7eeacc6728c5478e3c01bc82a1f08958eaa12366
- https://git.kernel.org/stable/c/a506bd5756290821a4314f502b4bafc2afcf5260
- https://git.kernel.org/stable/c/a9938d6d78a238d6ab8de57a4d3dcf77adceb9bb
- https://git.kernel.org/stable/c/dabe299425b1a53a69461fed7ac8922ea6733a25
- https://git.kernel.org/stable/c/ed1f67465327cec4457bb988775245b199da86e6