
Wind River Support Network


Wind River Security Vulnerability Notice: CVE-2021-33909 and CVE-2021-33910

Released: --

Summary

Wind River Security Vulnerability Notice: CVE-2021-33909 and CVE-2021-33910 in the Linux kernel and systemd


Affected Product Versions

Wind River Linux 9, Wind River Linux 8, Wind River Linux LTS 21, Wind River Linux CD, Wind River Linux LTS 19, Wind River Linux LTS 18, Wind River Linux LTS 17

Description

CVE-2021-33909, CVE-2021-33910



CVE-2021-33909:

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

CVE-2021-33910:

basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
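A version-range triage check built from the two ranges quoted above, as an added example that is not Wind River's code or tooling; the function names are hypothetical. A version inside a range only flags the host for follow-up, because distribution kernels and systemd builds can carry backported fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added triage example (not vendor code). Ranges are taken from the CVE text above.

# ver_key: map "5.10.47-yocto-standard" to a sortable integer (major*1e6 + minor*1e3 + patch).
ver_key() {
    v=${1%%[!0-9.]*}                 # drop local suffix such as "-yocto-standard"
    IFS=. read -r maj min pat _ <<EOF
$v
EOF
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# CVE-2021-33909: Linux kernel 3.16 through 5.13.x before 5.13.4.
kernel_in_range() {
    k=$(ver_key "$1")
    [ "$k" -ge 3016000 ] && [ "$k" -lt 5013004 ]
}

# CVE-2021-33910: systemd 220 through 248 (only the leading integer is compared).
systemd_in_range() {
    n=${1%%[!0-9]*}
    [ -n "$n" ] && [ "$n" -ge 220 ] && [ "$n" -le 248 ]
}

# report_host: print the triage result for the machine this script runs on.
report_host() {
    kver=$(uname -r)
    if kernel_in_range "$kver"; then
        echo "kernel $kver: inside CVE-2021-33909 range, confirm patch level with vendor"
    else
        echo "kernel $kver: outside CVE-2021-33909 range"
    fi
    # First line of `systemctl --version` looks like "systemd 247 (247.3-1)".
    sver=$(systemctl --version 2>/dev/null | awk 'NR==1 {print $2}')
    if [ -z "$sver" ]; then
        echo "systemd: not found on this host"
    elif systemd_in_range "$sver"; then
        echo "systemd $sver: inside CVE-2021-33910 range, confirm patch level with vendor"
    else
        echo "systemd $sver: outside CVE-2021-33910 range"
    fi
}

report_host
```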


Affected Wind River Linux releases:

All releases including Wind River Linux CD, Wind River Linux LTS 21, Wind River Linux LTS 19, Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux 9 and Wind River Linux 8.

Affected software components:

Linux kernel and systemd

Affected hardware:

These are pure software issues.

Mitigation

All WRLinux releases after WRLinux-8 are affected by this issue and need source patches to avoid it. For details, please contact our support team.


Additional References

https://nvd.nist.gov/vuln/detail/CVE-2021-33910

https://nvd.nist.gov/vuln/detail/CVE-2021-33909



Changelog

  • 7/21/2021: Initial


Installation Notes

Please contact our support team for a detailed method to mitigate these CVE issues, or wait for our newest RCPL releases.

