Mageia 7: MGASA-2021-0031 Critical: Kernel Security Issues
mageia
January 15, 2021
This update provides an upgrade to the new upstream 5.10 longterm branch, currently based on 5.10.6, adding new features and new and improved hardware support
Summary
This update provides an upgrade to the new upstream 5.10 longterm branch,
currently based on 5.10.6, adding new features and new and improved
hardware support.
This update also fixes atleast the following security issues:
In binder_release_work of binder.c, there is a possible use-after-free due
to improper locking. This could lead to local escalation of privilege in
the kernel with no additional execution privileges needed. User interaction
is not needed for exploitation (CVE-2020-0423).
In various methods of hid-multitouch.c, there is a possible out of bounds
write due to a missing bounds check. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction
is not needed for exploitation (CVE-2020-0465).
Insufficient access control in the Linux kernel driver for some Intel(R)
Processors may allow an authenticated user to potentially enable information
disclosure via local access (CVE-2020-8694).
A potential vulnerability in the AM...
References
- https://bugs.mageia.org/show_bug.cgi?id=27939
- - - - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.1
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.2
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.3
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6
- https://www.cve.org/CVERecord?id=CVE-2020-0423
- https://www.cve.org/CVERecord?id=CVE-2020-0465
- https://www.cve.org/CVERecord?id=CVE-2020-8694
- https://www.cve.org/CVERecord?id=CVE-2020-12912
- https://www.cve.org/CVERecord?id=CVE-2020-14351
- https://www.cve.org/CVERecord?id=CVE-2020-25656
- https://www.cve.org/CVERecord?id=CVE-2020-25668
- https://www.cve.org/CVERecord?id=CVE-2020-25669
- https://www.cve.org/CVERecord?id=CVE-2020-25704
- https://www.cve.org/CVERecord?id=CVE-2020-25705
- https://www.cve.org/CVERecord?id=CVE-2020-27152
- https://www.cve.org/CVERecord?id=CVE-2020-27194
- https://www.cve.org/CVERecord?id=CVE-2020-27673
- https://www.cve.org/CVERecord?id=CVE-2020-27675
- https://www.cve.org/CVERecord?id=CVE-2020-27825
- https://www.cve.org/CVERecord?id=CVE-2020-27830
- https://www.cve.org/CVERecord?id=CVE-2020-27835
- https://www.cve.org/CVERecord?id=CVE-2020-28588
- https://www.cve.org/CVERecord?id=CVE-2020-28915
- https://www.cve.org/CVERecord?id=CVE-2020-28941
- https://www.cve.org/CVERecord?id=CVE-2020-28974
- https://www.cve.org/CVERecord?id=CVE-2020-29534
- https://www.cve.org/CVERecord?id=CVE-2020-29660
- https://www.cve.org/CVERecord?id=CVE-2020-29661
Resolution
SRPMS
- 7/core/kernel-linus-5.10.6-1.mga7
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 15 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0031.html
Type: security
CVE: CVE-2020-0423,
CVE-2020-0465,
CVE-2020-8694,
CVE-2020-12912,
CVE-2020-14351,
CVE-2020-25656,
CVE-2020-25668,
CVE-2020-25669,
CVE-2020-25704,
CVE-2020-25705,
CVE-2020-27152,
CVE-2020-27194,
CVE-2020-27673,
CVE-2020-27675,
CVE-2020-27825,
CVE-2020-27830,
CVE-2020-27835,
CVE-2020-28588,
CVE-2020-28915,
CVE-2020-28941,
CVE-2020-28974,
CVE-2020-29534,
CVE-2020-29660,
CVE-2020-29661
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!