Mageia 2021-0225: kernel-linus security update

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 247

MGASA-2021-0225 - Updated kernel-linus packages fix security vulnerability

Publication date: 31 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0225.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-33200

This kernel-linus update is based on upstream 5.10.41 and fixes atleast
the following security issue:

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect
limits for pointer arithmetic operations. This can be abused to perform
out-of-bounds reads and writes in kernel memory, leading to local privilege
escalation to root. In particular, there is a corner case where the off reg
causes a masking direction change, which then results in an incorrect final
aux->alu_limit (CVE-2021-33200).

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28981
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.39
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.40
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.41
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33200

SRPMS:
- 8/core/kernel-linus-5.10.41-1.mga8
- 7/core/kernel-linus-5.10.41-1.mga7

Mageia 2021-0225: kernel-linus security update

This kernel-linus update is based on upstream 5.10.41 and fixes atleast the following security issue: kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect l...

Summary

This kernel-linus update is based on upstream 5.10.41 and fixes atleast the following security issue:
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (CVE-2021-33200).
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=28981

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.39

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.40

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.41

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33200

Resolution

MGASA-2021-0225 - Updated kernel-linus packages fix security vulnerability

SRPMS

- 8/core/kernel-linus-5.10.41-1.mga8

- 7/core/kernel-linus-5.10.41-1.mga7

Severity
Publication date: 31 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0225.html
Type: security
CVE: CVE-2021-33200

News

Advisories

HOWTOs

Features

Benefits & Drawbacks of Using a VPN on Linux
How a WAF Could Improve the Security of Your Linux Web Applications
Installing SurfShark VPN On Kali Linux: The Authoritative Guide
Best Practices for PHP Security
9 Wise Linux Cybersecurity Tips for Businesses

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy