
CVE-2021-33909

Posted: 2021/07/21 14:51:09
by kilian
Hi!

I see that the kernel fix for CVE-2021-33909 (kernel-3.10.0-1160.36.2.el7, https://access.redhat.com/errata/RHSA-2021:2725) is not available in CentOS updates yet. What's the typical delay for inclusion in CentOS?

Thanks.

Re: CVE-2021-33909

Posted: 2021/07/21 16:15:58
by jlehtone
I guess it depends on size of build and severity.

If we look at the previous kernel release, 3.10.0-1160.31.1.el7
* 2021-06-08 RHEL announcement https://access.redhat.com/errata/RHSA-2021:2314
* 2021-06-14 CentOS release https://lists.centos.org/pipermail/cent ... 48337.html

Re: CVE-2021-33909

Posted: 2021/07/21 16:33:21
by TrevorH
It's building and likely to be released today/tomorrow.

Re: CVE-2021-33909

Posted: 2021/07/21 16:37:29
by kilian
Perfect, thanks!

Re: CVE-2021-33909

Posted: 2021/07/21 17:33:44
by DizzyNYC
Is there a status page on the build progress?

Re: CVE-2021-33909

Posted: 2021/07/21 18:46:39
by TrevorH
In a word, no.

Re: CVE-2021-33909

Posted: 2021/07/27 04:56:04
by harrywangca
I am running CentOS 7.6 1810 and I referred to :

https://lists.centos.org/pipermail/cent ... 48344.html
and
http://mirror.centos.org/centos/7/updat ... s/?C=M;O=D
to download:
bpftool-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm
kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm
perf-3.10.0-1160.36.2.el7.x86_64.rpm
python-perf-3.10.0-1160.36.2.el7.x86_64.rpm

Probably you also need:
linux-firmware 20200421-80.git78c0348.el7_9

Put them all into one folder, go to that folder and apply all the RPMs via: yes | yum --disablerepo=\* update ./*.rpm ;

It works! no vulnerability to my system now.

Good luck
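A version check to go with the procedure above, added here as an example and not code from any post in this thread: it compares a kernel version string against the fixed CentOS 7 build named in the thread (3.10.0-1160.36.2.el7, from RHSA-2021:2725) and, on a host, reports whether the fixed kernel is missing, installed but not yet booted, or actually running. It assumes the stock CentOS 7 kernel package and its version scheme; the version strings used in the examples are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): is a CentOS 7 kernel at least the build
# that carries the CVE-2021-33909 fix? Assumes the stock CentOS 7 kernel package;
# the fixed build number is the one from RHSA-2021:2725 cited in the first post.
FIXED_KERNEL="3.10.0-1160.36.2.el7"

# kver_cmp A B: print -1, 0 or 1 as A is older than, equal to or newer than B.
# Fields are split on '.' and '-' and compared numerically when both sides are
# numbers (so 957 < 1160), as strings otherwise; a trailing arch suffix such as
# ".x86_64" (as printed by uname -r) is ignored.
kver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/\.(x86_64|i686|aarch64|ppc64le|noarch)$/, "", a)
        sub(/\.(x86_64|i686|aarch64|ppc64le|noarch)$/, "", b)
        na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] : ""; y = (i <= nb) ? B[i] : ""
            if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) {
                if (x + 0 != y + 0) { r = (x + 0 < y + 0) ? -1 : 1; print r; exit }
            } else if (x != y) {
                r = (x < y) ? -1 : 1; print r; exit
            }
        }
        print 0
    }'
}

# kernel_has_fix VERSION: exit 0 if VERSION is the fixed build or newer.
kernel_has_fix() {
    [ "$(kver_cmp "$1" "$FIXED_KERNEL")" -ge 0 ]
}

# check_host: compare the running kernel and the newest installed kernel rpm.
# Installing the rpm is not enough; the fix only protects once it is booted.
check_host() {
    running=$(uname -r)
    newest=""
    for k in $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' 2>/dev/null); do
        if [ -z "$newest" ] || [ "$(kver_cmp "$k" "$newest")" -gt 0 ]; then
            newest=$k
        fi
    done
    if kernel_has_fix "$running"; then
        echo "running kernel $running includes the CVE-2021-33909 fix"
    elif [ -n "$newest" ] && kernel_has_fix "$newest"; then
        echo "fixed kernel $newest is installed but $running is running: reboot required"
    else
        echo "no fixed kernel installed (running $running); update to $FIXED_KERNEL or later"
    fi
}

# Run the host check only when invoked as: sh kver_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with `--check` on the host after the `yum update` above; the "reboot required" branch is the case people miss. The comparison only looks at the package version string: it says nothing about a non-stock kernel, and the fixed build number applies to CentOS 7 only, not to the CentOS 8 kernel line asked about further down the thread.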

Re: CVE-2021-33909

Posted: 2021/07/27 04:58:07
by harrywangca
By the way, is there any rpm for this CVE-2021-33909 and CVE-2021-33910 for CentOS 8?

I am still looking for .......

Thanks.

Re: CVE-2021-33909

Posted: 2021/07/27 15:19:10
by TrevorH
harrywangca wrote:
I am running CentOS 7.6 1810 and I referred to :
Do not do this. Only 7.9 gets any support. By running 7.6 you are missing out on nearly 3 years of security patches.

Re: CVE-2021-33909

Posted: 2021/07/27 19:06:54
by jlehtone
harrywangca wrote:
2021/07/27 04:58:07
... CVE-2021-33909 and CVE-2021-33910 for CentOS 8?
Red Hat has published 2021-07-20:
https://access.redhat.com/security/cve/cve-2021-33909
https://access.redhat.com/security/cve/cve-2021-33910
Corresponding CentOS Linux 8 files are dated 20.7.--21.7.