MGASA-2021-0418

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0418.html

Import Source

https://advisories.mageia.org/MGASA-2021-0418.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0418

Related

Published

2021-09-08T09:23:46Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update is based on upstream 5.10.62 and fixes at least the following security issues:

A flaw use-after-free in function scosocksendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel() together with the call scosock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system (CVE-2021-3640).

A process with CAPSYSADMIN can cause a kernel NULL pointer dereference in btrfs code (CVE-2021-3739).

there is an out-of-bound read bug in qrtrendpointpost in net/qrtr/qrtr.c (CVE-2021-3743).

An out-of-bounds read due to a race condition has been found in the Linux kernel due to write access to vcmode is not protected by a lock in vtioctl (KDSETMDE) (CVE-2021-3753).

A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13 (CVE-2021-40490).

Other fixes in this update: - audio stopped working with the update to kernel 5.10.60 released in MGASA-2021-0409 (mga#29426). - x86/ACPI/State: Optimize C3 entry on AMD CPUs - fscrypt: add fscryptsymlinkgetattr() for computing stsize - ext4: report correct stsize for encrypted symlinks - f2fs: report correct stsize for encrypted symlinks - ubifs: report correct stsize for encrypted symlinks

For other upstream fixes, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.62-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.26-1.4.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18-1.22.mga8

Ecosystem specific

{
    "section": "core"
}