Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Mageia 7: 2021-0061 Critical: Linux Kernel Remote Access and Execution

mageia
Calendar Grey January 31, 2021
Dist Mageia Esm H88
Mageia 2022-0072 resolves urgent kernel flaws relating to unauthorized remote access and local execution risks.
This kernel update is based on upstream 5.10.12 and fixes atleast the following security issues: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export ...

Summary

This kernel update is based on upstream 5.10.12 and fixes atleast the following security issues:
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS (CVE-2021-3178).
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel (CVE-2021-3347).
It also adds the following fixes: - ALSA: hda: Add Cometlake-R PCI ID - ALSA: hda: Add AlderLake-P PCI ID and HDMI codec vid - ALSA: hda/via: Apply the workaround generically for Clevo machines - ASoC: AMD Renoir - refine DMI entries for some Lenovo products - crypto: arm64/sha - add missing module aliases - drm/amdgpu: Add Missing Sienna Cichlid DID - drm/gpu/nouveau/dispnv50: Restore pushing of all data - fix and re-enamble 3rdparty rtl8821ce driver (mga#28150) - iwlwifi: prov...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=28210

- https://bugs.mageia.org/show_bug.cgi?id=28150

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.11

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.12

- https://www.cve.org/CVERecord?id=CVE-2021-3178

- https://www.cve.org/CVERecord?id=CVE-2021-3347

Topics%20covered

Topics Covered

security advisory critical remote access kernel execution execution threat Mageia NFS exploit

Resolution

SRPMS

- 7/core/kernel-5.10.12-1.mga7

- 7/core/kmod-virtualbox-6.1.18-4.mga7

- 7/core/kmod-xtables-addons-3.13-9.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 31 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0061.html
Type: security
CVE: CVE-2021-3178, CVE-2021-3347

Topics%20covered

Topics Covered

security advisory critical remote access kernel execution execution threat Mageia NFS exploit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here