Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Mageia 8: MGASA-2021-0418 Critical Security Update for Kernel Issues

mageia
Calendar Grey September 8, 2021
Dist Mageia Esm H88
MGASA-2021-0419 addresses a significant kernel patch fixing several vulnerabilities in Mageia 8. Keep yourself updated!
This kernel update is based on upstream 5.10.62 and fixes atleast the following security issues: A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsy...

Summary

This kernel update is based on upstream 5.10.62 and fixes atleast the following security issues:
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system (CVE-2021-3640).
A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference in btrfs code (CVE-2021-3739).
there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743).
An out-of-bounds read due to a race condition has been found in the Linux kernel due to write access to vc_mode is not protected by a lock in vt_ioctl (KDSETMDE) (CVE-2021-3753).
Other fixes in this update: - audio stopped working with the update to kernel 5.10.60 released in MG...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29435

- https://bugs.mageia.org/show_bug.cgi?id=29426

- https://www.cve.org/CVERecord?id=CVE-2021-3640

- https://www.cve.org/CVERecord?id=CVE-2021-3739

- https://www.cve.org/CVERecord?id=CVE-2021-3743

- https://www.cve.org/CVERecord?id=CVE-2021-3753

Topics%20covered

Topics Covered

security advisory critical privilege escalation kernel system crash Mageia

Resolution

SRPMS

- 8/core/kernel-5.10.62-1.mga8

- 8/core/kmod-virtualbox-6.1.26-1.4.mga8

- 8/core/kmod-xtables-addons-3.18-1.22.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 08 Sep 2021
URL: https://advisories.mageia.org/MGASA-2021-0418.html
Type: security
CVE: CVE-2021-3640, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753

Topics%20covered

Topics Covered

security advisory critical privilege escalation kernel system crash Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here