
Mageia: 2021-0224 Moderate: Kernel Update for Memory Corruption

May 31, 2021
The latest update from Mageia addresses critical vulnerabilities in the kernel, correcting issues related to memory corruption and the potential for unauthorized privilege escalation.

Summary

This kernel update is based on upstream 5.10.41 and fixes at least the following security issues:

- A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem, in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system (CVE-2021-3564).

- kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (CVE-2021-33200).

Other fixes in this update:

- proc: Check /proc/$pid/attr/ writes against file opener
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=28980

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.39

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.40

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.41

- https://www.cve.org/CVERecord?id=CVE-2021-3564

- https://www.cve.org/CVERecord?id=CVE-2021-33200

Resolution

SRPMS

- 7/core/kernel-5.10.41-1.mga7

- 7/core/kmod-virtualbox-6.1.22-1.5.mga7

- 7/core/kmod-xtables-addons-3.13-27.mga7

- 8/core/kernel-5.10.41-1.mga8

- 8/core/kmod-virtualbox-6.1.22-1.5.mga8

- 8/core/kmod-xtables-addons-3.18-1.5.mga8
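
A way to triage a host against the fixed kernel listed above, as an added example that is not part of the Mageia advisory: it compares the upstream version in a kernel release string with 5.10.41 and separates hosts that have the update installed but still run the old kernel. The release-string layout (`5.10.41-desktop-1.mga8`), the sample values and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): triage against MGASA-2021-0224.
FIXED="5.10.41"   # upstream version the advisory's kernel packages are based on

# Pull the upstream x.y.z prefix out of a release string such as
# "5.10.41-desktop-1.mga8" (layout assumed; sample values are constructed).
upstream_version() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# True when version $1 >= version $2. Relies on `sort -V` (GNU coreutils).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# True when a release is in the 5.10.y series at or above FIXED.
# Only the upstream version is compared, not the package release suffix.
is_fixed() {
    v=$(upstream_version "$1")
    case "$v" in
        5.10.*) version_ge "$v" "$FIXED" ;;
        *) return 1 ;;
    esac
}

# classify RUNNING_RELEASE [INSTALLED_RELEASE...]
# Prints one of: patched | reboot-needed | update-needed | unknown
classify() {
    running=$(upstream_version "$1")
    [ -n "$running" ] || { echo unknown; return; }   # unparsable input
    if is_fixed "$1"; then echo patched; return; fi
    # A newer series (5.11+) is not covered by this advisory's fixed version,
    # so report it as unknown instead of assuming it carries the fixes.
    if version_ge "$running" "$FIXED"; then echo unknown; return; fi
    shift
    for rel in "$@"; do
        # Fixed kernel is on disk but the old one is still booted.
        if is_fixed "$rel"; then echo reboot-needed; return; fi
    done
    echo update-needed
}

# Live use on a host: classify "$(uname -r)" $(ls /lib/modules)
```
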

Publication date: 31 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0224.html
Type: security
CVE: CVE-2021-3564, CVE-2021-33200
