Kernel Security Update (MINDBREEZE18807)

ID: MINDBREEZE18807 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 7.8 Important 
Status: Final 
First published: October 4, 2021 
CVEs: CVE-2021-3347, CVE-2020-8648, CVE-2020-27170 

Summary

• BZ - 1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
• BZ - 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
• BZ - 1940627 - CVE-2020-27170 kernel: Speculation on pointer arithmetic against bpf_context pointer

Remediation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 21.2 Release (Version 21.2.1.1027)

• Mindbreeze InSpire SaaS 21.2 Release (Version 21.2.1.1027)