Mageia 2021-0418: kernel security update
Summary
This kernel update is based on upstream 5.10.62 and fixes atleast the
following security issues:
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel
HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or
other way triggers race condition of the call sco_conn_del() together with
the call sco_sock_sendmsg() with the expected controllable faulting memory
page. A privileged local user could use this flaw to crash the system or
escalate their privileges on the system (CVE-2021-3640).
A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference
in btrfs code (CVE-2021-3739).
there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c
(CVE-2021-3743).
An out-of-bounds read due to a race condition has been found in the Linux
kernel due to write access to vc_mode is not protected by a lock in vt_ioctl
(KDSETMDE) (CVE-2021-3753).
Other fixes in this update:
- audio stopped working with the update to kernel 5.10.60 released in
MGASA-2021-0409 (mga#29426).
- x86/ACPI/State: Optimize C3 entry on AMD CPUs
- ext4: fix race writing to an inline_data file while its xattrs are
changing
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
- ext4: report correct st_size for encrypted symlinks
- f2fs: report correct st_size for encrypted symlinks
- ubifs: report correct st_size for encrypted symlinks
For other upstream fixes, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=29435
- https://bugs.mageia.org/show_bug.cgi?id=29426
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3640
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3743
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3753
Resolution
MGASA-2021-0418 - Updated kernel packages fix security vulnerabilities
SRPMS
- 8/core/kernel-5.10.62-1.mga8
- 8/core/kmod-virtualbox-6.1.26-1.4.mga8
- 8/core/kmod-xtables-addons-3.18-1.22.mga8