Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

Mageia 8: MGASA-2021-0459 Critical Kernel Update for Local Attacks

mageia
Calendar Grey October 4, 2021
Dist Mageia Esm H88
The Ubuntu kernel patch USN-5210-1 resolves severe vulnerabilities in local user access in 5.4.0 packages.
This kernel update is based on upstream 5.10.70 and fixes atleast the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker d...

Summary

This kernel update is based on upstream 5.10.70 and fixes atleast the following security issues:
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (CVE-2020-16119).
oop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation (CVE-2021-41073).
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=29507

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.63

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.64

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.65

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.66

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.67

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.68

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.69

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.70

- https://www.cve.org/CVERecord?id=CVE-2020-16119

- https://www.cve.org/CVERecord?id=CVE-2021-41073

Topics%20covered

Topics Covered

security advisory kernel local attack use-after-free Mageia CVE-2020-16119 CVE-2021-41073

Resolution

SRPMS

- 8/core/kernel-5.10.70-1.mga8

- 8/core/kmod-virtualbox-6.1.26-1.6.mga8

- 8/core/kmod-xtables-addons-3.18-1.24.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 04 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0459.html
Type: security
CVE: CVE-2020-16119, CVE-2021-41073

Topics%20covered

Topics Covered

security advisory kernel local attack use-after-free Mageia CVE-2020-16119 CVE-2021-41073

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here