Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 7, 8: 2021-0214 Critical: Kernel Denial Of Service

mageia
Calendar Grey May 19, 2021
Dist Mageia Esm H88
System improvements in Fedora deliver critical patches for users, addressing numerous weaknesses to maintain robustness and user protection.
This kernel update is based on upstream 5.10.37 and fixes atleast the following security issues: It was discovered that the io_uring implementation of the Linux kernel did not pro...

Summary

This kernel update is based on upstream 5.10.37 and fixes atleast the following security issues:
It was discovered that the io_uring implementation of the Linux kernel did not properly enforce the MAX_RW_COUNT limit in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code (CVE-2021-3491).
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information (CVE-2021-3506).
...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=28908

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.34

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.35

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.37

- https://www.cve.org/CVERecord?id=CVE-2021-3491

- https://www.cve.org/CVERecord?id=CVE-2021-3506

- https://www.cve.org/CVERecord?id=CVE-2021-23133

- https://www.cve.org/CVERecord?id=CVE-2021-31440

- https://www.cve.org/CVERecord?id=CVE-2021-31829

- https://www.cve.org/CVERecord?id=CVE-2021-32399

- https://www.cve.org/CVERecord?id=CVE-2021-33034

Topics%20covered

Topics Covered

security advisory denial of service critical local threat kernel local attack memory access system crash Mageia

Resolution

SRPMS

- 7/core/kernel-5.10.37-2.mga7

- 7/core/kmod-virtualbox-6.1.22-1.4.mga7

- 7/core/kmod-xtables-addons-3.13-26.mga7

- 8/core/kernel-5.10.37-2.mga8

- 8/core/kmod-virtualbox-6.1.22-1.4.mga8

- 8/core/kmod-xtables-addons-3.18-1.4.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 19 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0214.html
Type: security
CVE: CVE-2021-3491, CVE-2021-3506, CVE-2021-23133, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034

Topics%20covered

Topics Covered

security advisory denial of service critical local threat kernel local attack memory access system crash Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here