MGASA-2021-0085 - Updated kernel-linus packages fix security vulnerabilities
Publication date: 15 Feb 2021
URL: https://advisories.mageia.org/MGASA-2021-0085.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-3348,
CVE-2021-26708
This kernel-linus update is based on upstream 5.10.14 and fixes atleast
the following security issues:
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12
has an ndb_queue_rq use-after-free that could be triggered by local
attackers (with access to the nbd device) via an I/O request at a
certain point during device setup (CVE-2021-3348).
A local privilege escalation was discovered in the Linux kernel before
5.10.13. Multiple race conditions in the AF_VSOCK implementation are
caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).
It also adds the following fixes:
- make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)
For other upstream fixes, see the referenced changelogs.
References:
- https://bugs.mageia.org/show_bug.cgi?id=28341
- https://bugs.mageia.org/show_bug.cgi?id=28312
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26708
SRPMS:
- 7/core/kernel-linus-5.10.14-1.mga7
Mageia 2021-0085: kernel-linus security update
Summary
CVE: CVE-2021-3348,
CVE-2021-26708
This kernel-linus update is based on upstream 5.10.14 and fixes atleast
the following security issues:
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12
has an ndb_queue_rq use-after-free that could be triggered by local
attackers (with access to the nbd device) via an I/O request at a
certain point during device setup (CVE-2021-3348).
A local privilege escalation was discovered in the Linux kernel before
5.10.13. Multiple race conditions in the AF_VSOCK implementation are
caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).
It also adds the following fixes:
- make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)
For other upstream fixes, see the referenced changelogs.
Resolution
MGASA-2021-0085 - Updated kernel-linus packages fix security vulnerabilities
References
- https://bugs.mageia.org/show_bug.cgi?id=28341
- https://bugs.mageia.org/show_bug.cgi?id=28312
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26708
Severity
Issued Date: 15 Feb 2021
URL: https://advisories.mageia.org/MGASA-2021-0085.html
Type: security
Affected Mageia releases: 7
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden’s New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
