Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Mageia: MGASA-2021-0152 Critical: Kernel-Linus Denial of Service Issues

mageia
Calendar Grey March 22, 2021
Dist Mageia Esm H88
Kernel-linus security patches address urgent vulnerabilities in Mageia, affecting multiple releases. Essential corrections guarantee reliability.
This kernel-linus update is based on upstream 5.10.25 and fixes atleast the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau ...

Summary

This kernel-linus update is based on upstream 5.10.25 and fixes atleast the following security issues:
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. (CVE-2020-25639).
Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract contents of kernel memory via side-channel (CVE-2020-27170).
Unprivileged BPF programs running on affected 64-bit systems can exploit this to execute speculatively out-of-bounds loads from 4GB window within the kernel memory. This can be abused to extract contents of kernel memory via side-channel (CVE-2020-27171).
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the addre...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=28611

- https://bugs.mageia.org/show_bug.cgi?id=28596

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.20

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.21

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.22

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.23

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.24

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.25

- https://www.cve.org/CVERecord?id=CVE-2020-25639

- https://www.cve.org/CVERecord?id=CVE-2020-27170

- https://www.cve.org/CVERecord?id=CVE-2020-27171

- https://www.cve.org/CVERecord?id=CVE-2021-27363

- https://www.cve.org/CVERecord?id=CVE-2021-27364

- https://www.cve.org/CVERecord?id=CVE-2021-27365

- https://www.cve.org/CVERecord?id=CVE-2021-28038

- https://www.cve.org/CVERecord?id=CVE-2021-28039

- https://www.cve.org/CVERecord?id=CVE-2021-28375

Topics%20covered

Topics Covered

security advisory kernel update critical kernel system stability NULL pointer Denial of Service kernel issues driver flaws Mageia unprivileged access BPF exploit

Resolution

SRPMS

- 7/core/kernel-linus-5.10.25-1.mga7

- 8/core/kernel-linus-5.10.25-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 22 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0152.html
Type: security
CVE: CVE-2020-25639, CVE-2020-27170, CVE-2020-27171, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-28038, CVE-2021-28039, CVE-2021-28375

Topics%20covered

Topics Covered

security advisory kernel update critical kernel system stability NULL pointer Denial of Service kernel issues driver flaws Mageia unprivileged access BPF exploit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here