
Mageia 7: MGASA-2021-0100 Critical: Kernel Memory Crash Issues

March 4, 2021
Kernel-linus patch MGASA-2021-0101 addresses multiple severe vulnerabilities in Mageia. Visit the security advisories for further information.

Summary

This kernel-linus update is based on upstream 5.10.19 and fixes at least the following security issues:
There is a vulnerability in the Linux kernel versions higher than 5.2 (if the kernel is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered). As a result of BPF execution, a local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation. NOTE! Mageia kernel configs have HARDENED_USERCOPY enabled by default, making this a non-issue when using prebuilt kernels (CVE-2021-20194).
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case...
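For self-built kernels, the build-time conditions the summary lists for CVE-2021-20194 can be checked against the kernel config file. The script below is an added example, not part of the Mageia advisory; the function names are hypothetical and the status words are its own convention.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel config file against
# the CVE-2021-20194 build-time preconditions quoted in the summary.
# Function names are hypothetical.

# config_is_y FILE SYMBOL: succeeds only if the line "SYMBOL=y" is present.
# A "# SYMBOL is not set" line or a missing symbol both count as disabled.
config_is_y() {
    grep -qxF "$2=y" "$1"
}

# cve_2021_20194_config_status FILE: prints one word on stdout:
#   unreadable         the config file could not be read
#   not-applicable     a required BPF/cgroup option is not built in
#   mitigated          CONFIG_HARDENED_USERCOPY=y
#   preconditions-met  the build-time conditions from the advisory all hold
cve_2021_20194_config_status() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo unreadable
        return 0
    fi
    for sym in CONFIG_BPF_SYSCALL CONFIG_BPF CONFIG_CGROUPS CONFIG_CGROUP_BPF; do
        if ! config_is_y "$cfg" "$sym"; then
            echo not-applicable
            return 0
        fi
    done
    if config_is_y "$cfg" CONFIG_HARDENED_USERCOPY; then
        echo mitigated
        return 0
    fi
    # The advisory's remaining conditions (kernel newer than 5.2, a BPF
    # getsockopt hook registered) are outside what this check inspects.
    echo preconditions-met
}

# Optional direct use: pass a config path as the first argument.
if [ $# -gt 0 ]; then
    cve_2021_20194_config_status "$1"
fi
```

The config for the running kernel is typically found at `/boot/config-$(uname -r)`; that path is an assumption about the system, not something the advisory states.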


References

- https://bugs.mageia.org/show_bug.cgi?id=28468

- https://bugs.mageia.org/show_bug.cgi?id=28415

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.15

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.16

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.17

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.18

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.19

- https://www.cve.org/CVERecord?id=CVE-2021-20194

- https://www.cve.org/CVERecord?id=CVE-2021-26930

- https://www.cve.org/CVERecord?id=CVE-2021-26931

- https://www.cve.org/CVERecord?id=CVE-2021-26932

Resolution

SRPMS

- 7/core/kernel-linus-5.10.19-1.mga7

Severity
critical

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0100.html
Type: security
CVE: CVE-2021-20194, CVE-2021-26930, CVE-2021-26931, CVE-2021-26932
