
Mageia: MGASA-2021-0100 Moderate Kernel Memory Leak and Escalation Issue

March 4, 2021
MGASA-2021-0100 kernel patch addresses multiple severe flaws in Mageia 8 stemming from upstream kernel sources.

Summary

This kernel update is based on upstream 5.10.19 and fixes at least the following security issues:
There is a vulnerability in Linux kernel versions higher than 5.2 (if the kernel is compiled with the config parameters CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered). As a result of BPF execution, a local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation. NOTE: Mageia kernel configs have HARDENED_USERCOPY enabled by default, making this a non-issue when using prebuilt kernels (CVE-2021-20194).
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an e...
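
For administrators running self-built kernels, the build-time preconditions quoted above for CVE-2021-20194 can be checked against a kernel config file. The script below is an added example, not part of the Mageia advisory; its function names are hypothetical, it assumes "higher than 5.2" means a major.minor comparison, and it cannot tell whether a getsockopt BPF hook is registered at runtime.

```shell
# Added example: classify a kernel build against the CVE-2021-20194
# preconditions quoted in the advisory. Function names are hypothetical.

# Print a config file; .gz inputs (e.g. /proc/config.gz) are decompressed.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# True when the release is higher than 5.2 (assumption: compare major.minor).
version_gt_5_2() {
    major=${1%%[!0-9]*}; rest=${1#"$major"}; rest=${rest#.}; minor=${rest%%[!0-9]*}
    [ "${major:-0}" -gt 5 ] || { [ "${major:-0}" -eq 5 ] && [ "${minor:-0}" -gt 2 ]; }
}

# assess_cve_2021_20194 RELEASE CONFIG_FILE -> prints one verdict line.
assess_cve_2021_20194() {
    case "$1" in [0-9]*) ;; *) echo "unknown: bad release '$1'"; return 0 ;; esac
    cfg=$(read_config "$2" 2>/dev/null) || { echo "unknown: cannot read $2"; return 0; }
    if ! version_gt_5_2 "$1"; then
        echo "not-affected: kernel $1 is not higher than 5.2"; return 0
    fi
    for opt in CONFIG_BPF_SYSCALL CONFIG_BPF CONFIG_CGROUPS CONFIG_CGROUP_BPF; do
        if ! printf '%s\n' "$cfg" | grep -q "^$opt=y\$"; then
            echo "not-affected: $opt is not enabled"; return 0
        fi
    done
    if printf '%s\n' "$cfg" | grep -q '^CONFIG_HARDENED_USERCOPY=y$'; then
        echo "mitigated: CONFIG_HARDENED_USERCOPY=y"; return 0
    fi
    # The config cannot show whether a getsockopt BPF hook is registered.
    echo "exposed: build-time preconditions met, check for a getsockopt BPF hook"
}

# Constructed sample config (not from a real system): usercopy hardening off.
sample_config() {
    cat <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_BPF=y
# CONFIG_HARDENED_USERCOPY is not set
EOF
}

tmp=$(mktemp); sample_config > "$tmp"
assess_cve_2021_20194 "5.10.16-example" "$tmp"
rm -f "$tmp"
```

On a live system, pass `"$(uname -r)"` and the config the distribution ships, typically `/boot/config-$(uname -r)` or `/proc/config.gz`.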


References

- https://bugs.mageia.org/show_bug.cgi?id=28467

- https://bugs.mageia.org/show_bug.cgi?id=28435

- https://bugs.mageia.org/show_bug.cgi?id=28429

- https://bugs.mageia.org/show_bug.cgi?id=28417

- https://bugs.mageia.org/show_bug.cgi?id=28415

- https://bugs.mageia.org/show_bug.cgi?id=27910

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.15

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.16

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.17

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.18

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.19

- https://www.cve.org/CVERecord?id=CVE-2021-20194

- https://www.cve.org/CVERecord?id=CVE-2021-26930

- https://www.cve.org/CVERecord?id=CVE-2021-26931

- https://www.cve.org/CVERecord?id=CVE-2021-26932

Resolution

SRPMS

- 7/core/kernel-5.10.19-1.mga7

- 7/core/kmod-virtualbox-6.1.18-7.mga7

- 7/core/kmod-xtables-addons-3.13-13.mga7

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0099.html
Type: security
CVE: CVE-2021-20194, CVE-2021-26930, CVE-2021-26931, CVE-2021-26932
