Mageia 8 MGASA-2021-0409 Moderate: Kernel Security Issues Overview

August 23, 2021
The latest kernel update fixes several vulnerabilities affecting the ath9k wireless driver and the validation of VMCB fields supplied by L1 guests.

Summary

This kernel update is based on upstream 5.10.60 and fixes at least the following security issues:
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in ath9k (CVE-2020-3702).
A missing validation of the "int_ctl" VMCB field allows a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. The L2 guest is able to write to a limited but still relatively large subset of the host physical memory, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape (CVE-2021-3653).
A missing validation of the "virt_ext" VMCB field allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted, a...


References

- https://bugs.mageia.org/show_bug.cgi?id=29384

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.57

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.58

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.59

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.60

- https://www.cve.org/CVERecord?id=CVE-2020-3702

- https://www.cve.org/CVERecord?id=CVE-2021-3653

- https://www.cve.org/CVERecord?id=CVE-2021-3656

- https://www.cve.org/CVERecord?id=CVE-2021-38205

Resolution

SRPMS

- 8/core/kernel-5.10.60-2.mga8

- 8/core/kmod-virtualbox-6.1.26-1.2.mga8

- 8/core/kmod-xtables-addons-3.18-1.20.mga8
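
A patch-level check for the Resolution above, added here as an example and not part of the Mageia advisory: it compares the running kernel with the fixed 5.10.60-2.mga8 build and reports whether nested SVM, the L1/L2 guest setup the two VMCB issues describe, is switched on. The `uname -r` flavour format, the use of `sort -V` for ordering and the `/sys/module/kvm_amd/parameters/nested` path are assumptions not taken from the page.

```sh
#!/bin/sh
# Fixed kernel version-release, taken from the SRPMS list in this advisory.
FIXED_KERNEL="5.10.60-2.mga8"

# Assumption: Mageia's `uname -r` puts a flavour token between version and
# release (for example 5.10.60-desktop-2.mga8). Drop it to get version-release.
normalize_release() {
    printf '%s\n' "$1" | sed -E 's/^([0-9][0-9.]*)-[a-z][a-z0-9]*-/\1-/'
}

# Return 0 when version-release $1 is at or above FIXED_KERNEL.
# GNU sort -V is used here as an approximation of RPM version ordering.
kernel_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_KERNEL" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_KERNEL" ]
}

# Return 0 when a kvm_amd "nested" parameter value means nested SVM is on.
# Depending on kernel version the value reads as 1/0 or Y/N.
nested_enabled() {
    case "$1" in
        1|Y|y) return 0 ;;
        *)     return 1 ;;
    esac
}

report() {
    rel=$(normalize_release "$(uname -r)")
    if kernel_is_fixed "$rel"; then
        echo "kernel $rel: at or above $FIXED_KERNEL"
    else
        echo "kernel $rel: older than $FIXED_KERNEL, update needed"
    fi
    # Assumed sysfs path (not from the advisory); absent on non-AMD hosts.
    param=/sys/module/kvm_amd/parameters/nested
    if [ -r "$param" ] && nested_enabled "$(cat "$param")"; then
        echo "kvm_amd nested=on: L1 guests can run L2 guests on this host"
    else
        echo "kvm_amd nested SVM not enabled, or kvm_amd not loaded"
    fi
}

report
```
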

Publication date: 23 Aug 2021
URL: https://advisories.mageia.org/MGASA-2021-0409.html
Type: security
CVE: CVE-2020-3702, CVE-2021-3653, CVE-2021-3656, CVE-2021-38205
