Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 7, 8 MGASA-2021-0215 Moderate: Kernel Denial Of Service

mageia
Calendar Grey May 19, 2021
Dist Mageia Esm H88
Kernel-linus patch MGASA-2021-0215 tackles multiple vulnerabilities, improving overall system safety. Discover further details.
This kernel-linus update is based on upstream 5.10.37 and fixes atleast the following security issues: It was discovered that the io_uring implementation of the Linux kernel did n...

Summary

This kernel-linus update is based on upstream 5.10.37 and fixes atleast the following security issues:
It was discovered that the io_uring implementation of the Linux kernel did not properly enforce the MAX_RW_COUNT limit in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code (CVE-2021-3491).
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information (CVE-2021-3506).
...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=28917

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.34

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.35

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.37

- https://www.cve.org/CVERecord?id=CVE-2021-3491

- https://www.cve.org/CVERecord?id=CVE-2021-3506

- https://www.cve.org/CVERecord?id=CVE-2021-23133

- https://www.cve.org/CVERecord?id=CVE-2021-31440

- https://www.cve.org/CVERecord?id=CVE-2021-31829

- https://www.cve.org/CVERecord?id=CVE-2021-32399

- https://www.cve.org/CVERecord?id=CVE-2021-33034

Topics%20covered

Topics Covered

security advisory denial of service local exploit kernel local attack memory access system crash Mageia mageia kernel-linus

Resolution

SRPMS

- 8/core/kernel-linus-5.10.37-1.mga8

- 7/core/kernel-linus-5.10.37-1.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 19 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0215.html
Type: security
CVE: CVE-2021-3491, CVE-2021-3506, CVE-2021-23133, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034

Topics%20covered

Topics Covered

security advisory denial of service local exploit kernel local attack memory access system crash Mageia mageia kernel-linus

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here