Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Mageia: 2021-0117 Moderate: Denial of Service in Kernel Fixes

mageia
Calendar Grey March 7, 2021
Dist Mageia Esm H88
MGASA-2021-0117 - Updated kernel packages fix security issues and possible filesystem corruption Pub
This kernel update is based on upstream 5.10.20 and fixes atleast the following security issues: An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV

Summary

This kernel update is based on upstream 5.10.20 and fixes atleast the following security issues:
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. (CVE-2021-28038 / XSA-367)
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. (CVE-2021-28039 / XSA-369)
It also adds a critical fix for filesystem level corruption: -...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=28541

- https://bugs.mageia.org/show_bug.cgi?id=28312

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.20

- https://xenbits.xen.org/xsa/advisory-367.html

- https://xenbits.xen.org/xsa/advisory-369.html

- https://www.cve.org/CVERecord?id=CVE-2021-28038

- https://www.cve.org/CVERecord?id=CVE-2021-28039

Resolution

SRPMS

- 8/core/kernel-5.10.20-2.mga8

- 8/core/kmod-virtualbox-6.1.18-18.mga8

- 8/core/kmod-xtables-addons-3.13-34.mga8

- 7/core/kernel-5.10.20-2.mga7

- 7/core/kmod-virtualbox-6.1.18-8.mga7

- 7/core/kmod-xtables-addons-3.13-14.mga7

Publication date: 07 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0117.html
Type: security
CVE: CVE-2021-28038, CVE-2021-28039

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here