Improper Input Validation Affecting kernel-debuginfo-common-x86_64 package, versions <0:4.14.238-182.421.amzn2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-KERNELDEBUGINFOCOMMONX8664-6744936
- published 1 May 2024
- disclosed 27 Feb 2024
Introduced: 27 Feb 2024
CVE-2021-46950 Open this link in a new tabHow to fix?
Upgrade Amazon-Linux:2 kernel-debuginfo-common-x86_64 to version 0:4.14.238-182.421.amzn2 or higher.
This issue was patched in ALAS2-2021-1685.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-debuginfo-common-x86_64 package and not the kernel-debuginfo-common-x86_64 package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
md/raid1: properly indicate failure when ending a failed write request
This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being cleared.
Since we are in the failure leg of raid1_end_write_request, the request either needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded).
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46950
- https://git.kernel.org/stable/c/12216d0919b64ee2ea5dc7a50e455670f44383d5
- https://git.kernel.org/stable/c/2417b9869b81882ab90fd5ed1081a1cb2d4db1dd
- https://git.kernel.org/stable/c/538244fba59fde17186322776247cd9c05be86dd
- https://git.kernel.org/stable/c/59452e551784b7a57a45d971727e9db63b192515
- https://git.kernel.org/stable/c/661061a45e32d8b2cc0e306da9f169ad44011382
- https://git.kernel.org/stable/c/6920cef604fa57f9409e3960413e9cc11f5c5a40
- https://git.kernel.org/stable/c/a6e17cab00fc5bf85472434c52ac751426257c6f