Mageia 2021-0085: kernel-linus security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
MGASA-2021-0085 - Updated kernel-linus packages fix security vulnerabilities

Publication date: 15 Feb 2021
URL: https://advisories.mageia.org/MGASA-2021-0085.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-3348,
     CVE-2021-26708

This kernel-linus update is based on upstream 5.10.14 and fixes atleast
the following security issues:

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12
has an ndb_queue_rq use-after-free that could be triggered by local
attackers (with access to the nbd device) via an I/O request at a
certain point during device setup (CVE-2021-3348).

A local privilege escalation was discovered in the Linux kernel before
5.10.13. Multiple race conditions in the AF_VSOCK implementation are
caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).

It also adds the following fixes:
- make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28341
- https://bugs.mageia.org/show_bug.cgi?id=28312
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26708

SRPMS:
- 7/core/kernel-linus-5.10.14-1.mga7

Mageia 2021-0085: kernel-linus security update

This kernel-linus update is based on upstream 5.10.14 and fixes atleast the following security issues: nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 ha...

Summary

This kernel-linus update is based on upstream 5.10.14 and fixes atleast the following security issues:
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (CVE-2021-3348).
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).
It also adds the following fixes: - make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=28341

- https://bugs.mageia.org/show_bug.cgi?id=28312

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26708

Resolution

MGASA-2021-0085 - Updated kernel-linus packages fix security vulnerabilities

SRPMS

- 7/core/kernel-linus-5.10.14-1.mga7

Severity
Publication date: 15 Feb 2021
URL: https://advisories.mageia.org/MGASA-2021-0085.html
Type: security
CVE: CVE-2021-3348, CVE-2021-26708

News

Advisories

HOWTOs

Features

A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central
Linux Malware: The Truth About This Growing Threat [Updated]

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy