MGASA-2021-0490
- Source
- https://advisories.mageia.org/MGASA-2021-0490.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0490.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2021-0490
- Related
- Published
- 2021-10-25T15:49:26Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated kernel-linus packages fix security vulnerabilities
- Details
-
This kernel-linus update is based on upstream 5.10.75 and fixes at least the following security issues:
A memory leak in the ccprunaesgcmcmd() function in drivers/crypto/ ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a denial of service (memory consumption) (CVE-2021-3744).
A memory leak flaw was found in the Linux kernel's ccprunaesgcmcmd() function that allows an malicious user to cause a denial of service (CVE-2021-3764).
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system (CVE-2021-20321).
preallocelemsand_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (CVE-2021-41864).
For other upstream fixes, see the referenced changelogs.
- References
-
- https://advisories.mageia.org/MGASA-2021-0490.html
- https://bugs.mageia.org/show_bug.cgi?id=29572
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.71
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.72
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.73
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.74
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.75
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / kernel-linus
Package
- Name
- kernel-linus
- Purl
- pkg:rpm/mageia/kernel-linus?distro=mageia-8