Mageia: MGASA-2021-0175 High: Kernel-Linus Denial of Service Issues
mageia
April 3, 2021
This kernel-linus update is based on upstream 5.10.27 and fixes atleast the following security issues: The fix for XSA-365 includes initialization of pointers such that subsequent...
Summary
This kernel-linus update is based on upstream 5.10.27 and fixes atleast
the following security issues:
The fix for XSA-365 includes initialization of pointers such that
subsequent cleanup code wouldn't use uninitialized or stale values.
This initialization went too far and may under certain conditions also
overwrite pointers which are in need of cleaning up. The lack of
cleanup would result in leaking persistent grants. The leak in turn
would prevent fully cleaning up after a respective guest has died,
leaving around zombie domains. A malicious or buggy frontend driver
may be able to cause resource leaks from the corresponding backend
driver. This can result in a host-wide Denial of Sevice (DoS).
(CVE-2021-28688 / XSA-371).
An issue was discovered in fs/io_uring.c in the Linux kernel through
5.11.8. It allows attackers to cause a denial of service (deadlock)
because exit may be waiting to park a SQPOLL thread, but concurrently
that SQPOLL thread is waiting for a signal to start (CVE...
References
- https://bugs.mageia.org/show_bug.cgi?id=28691
- https://bugs.mageia.org/show_bug.cgi?id=28596
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.26
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.27
- https://xenbits.xen.org/xsa/advisory-371.html
- https://www.cve.org/CVERecord?id=CVE-2021-28688
- https://www.cve.org/CVERecord?id=CVE-2021-28951
- https://www.cve.org/CVERecord?id=CVE-2021-28964
- https://www.cve.org/CVERecord?id=CVE-2021-28971
- https://www.cve.org/CVERecord?id=CVE-2021-28972
- https://www.cve.org/CVERecord?id=CVE-2021-29266
Topics Covered
Resolution
SRPMS
- 7/core/kernel-linus-5.10.27-1.mga7
- 8/core/kernel-linus-5.10.27-1.mga8
PREVIOUS
NEXT
Publication date: 03 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0175.html
Type: security
CVE: CVE-2021-28688,
CVE-2021-28951,
CVE-2021-28964,
CVE-2021-28971,
CVE-2021-28972,
CVE-2021-29266
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!