MGASA-2021-0418 - Updated kernel packages fix security vulnerabilities

Publication date: 08 Sep 2021
URL: https://advisories.mageia.org/MGASA-2021-0418.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3640,
     CVE-2021-3739,
     CVE-2021-3743,
     CVE-2021-3753

This kernel update is based on upstream 5.10.62 and fixes atleast the
following security issues:

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel
HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or
other way triggers race condition of the call sco_conn_del() together with
the call sco_sock_sendmsg() with the expected controllable faulting memory
page. A privileged local user could use this flaw to crash the system or
escalate their privileges on the system (CVE-2021-3640).

A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference
in btrfs code (CVE-2021-3739).

there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c
(CVE-2021-3743).

An out-of-bounds read due to a race condition has been found in the Linux
kernel due to write access to vc_mode is not protected by a lock in vt_ioctl
(KDSETMDE) (CVE-2021-3753).

Other fixes in this update:
- audio stopped working with the update to kernel 5.10.60 released in
  MGASA-2021-0409 (mga#29426).
- x86/ACPI/State: Optimize C3 entry on AMD CPUs
- ext4: fix race writing to an inline_data file while its xattrs are
  changing
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
- ext4: report correct st_size for encrypted symlinks
- f2fs: report correct st_size for encrypted symlinks
- ubifs: report correct st_size for encrypted symlinks

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29435
- https://bugs.mageia.org/show_bug.cgi?id=29426
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3640
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3743
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3753

SRPMS:
- 8/core/kernel-5.10.62-1.mga8
- 8/core/kmod-virtualbox-6.1.26-1.4.mga8
- 8/core/kmod-xtables-addons-3.18-1.22.mga8