
Mageia 8: MGASA-2021-0397 Moderate: Kernel BPF Threat Fixes

mageia
August 7, 2021
Mageia 2021-0398 delivers essential updates for kernel security, rectifying BPF flaws along with various other system enhancements.

Summary

This kernel update is based on upstream 5.10.56 and fixes at least the following security issues:
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (CVE-2021-34556).
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value (CVE-2021-35477).
Other fixes in this update:

- btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction
- btrfs: fix race causing unnecessary inode logging during link and rename
- watchdog: iTCO_wdt: Fix detection of SMI-off case (fixes sporadic reboots on some systems)
- ...


References

- https://bugs.mageia.org/show_bug.cgi?id=29311

- https://bugs.mageia.org/show_bug.cgi?id=29262

- https://bugs.mageia.org/show_bug.cgi?id=29285

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.53

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.54

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.55

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.56

- https://www.cve.org/CVERecord?id=CVE-2021-34556

- https://www.cve.org/CVERecord?id=CVE-2021-35477

Resolution

SRPMS

- 8/core/kernel-5.10.56-1.mga8

- 8/core/kmod-virtualbox-6.1.24-1.4.mga8

- 8/core/kmod-xtables-addons-3.18-1.16.mga8

Publication date: 07 Aug 2021
URL: https://advisories.mageia.org/MGASA-2021-0397.html
Type: security
CVE: CVE-2021-34556, CVE-2021-35477
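
A host check for this update, as an added example that is not part of the Mageia advisory: it compares a `uname -r` string with the fixed upstream version 5.10.56 and reads the `kernel.unprivileged_bpf_disabled` sysctl, which controls whether unprivileged users may load BPF programs at all. The function names and the release-string layout (upstream version first, as in `5.10.56-desktop-1.mga8`) are assumptions, and the version comparison is only meaningful on Mageia 8's 5.10 kernel series.

```sh
#!/bin/sh
# Added example: host check for MGASA-2021-0397 on Mageia 8 (not advisory code).
FIXED_UPSTREAM="5.10.56"   # from the advisory: 8/core/kernel-5.10.56-1.mga8

# Succeeds if the upstream part of a `uname -r` style string is >= FIXED_UPSTREAM.
# Assumption: the release string starts with the upstream version, then "-".
kernel_is_fixed() {
    upstream=${1%%-*}
    # sort -V orders version strings numerically, so 5.10.9 < 5.10.56.
    lowest=$(printf '%s\n%s\n' "$FIXED_UPSTREAM" "$upstream" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_UPSTREAM" ]
}

# Maps the value of kernel.unprivileged_bpf_disabled to a short verdict.
unpriv_bpf_verdict() {
    case "$1" in
        0)   echo "allowed" ;;     # unprivileged users may load BPF programs
        1|2) echo "restricted" ;;  # only privileged users may load BPF programs
        *)   echo "unknown" ;;     # sysctl missing or unreadable
    esac
}

# $1 = kernel release string, $2 = sysctl value. Prints one overall status.
assess() {
    if kernel_is_fixed "$1"; then
        echo "patched"
    elif [ "$(unpriv_bpf_verdict "$2")" = "restricted" ]; then
        echo "unpatched-unprivileged-bpf-restricted"
    else
        echo "unpatched-exposed"
    fi
}

# Report for the running host; falls back to "unknown" if the sysctl is absent.
sysctl_value=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo unknown)
echo "kernel $(uname -r): $(assess "$(uname -r)" "$sysctl_value")"
```

A result of `unpatched-unprivileged-bpf-restricted` still calls for installing the update; it only indicates that the unprivileged path described in the CVEs is closed in the meantime.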
