Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 8: 2021-0460 Moderate: Local Privilege Escalation in Kernel-Linus

mageia
Calendar Grey October 4, 2021
Dist Mageia Esm H88
Mageia's Kernel-linus update boosts safety by addressing local privilege escalation and socket misuse flaws.
This kernel-linus update is based on upstream 5.10.70 and fixes atleast the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local atta...

Summary

This kernel-linus update is based on upstream 5.10.70 and fixes atleast the following security issues:
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (CVE-2020-16119).
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13 (CVE-2021-40490).
oop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation (CVE-2021-41073).
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=29508

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.63

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.64

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.65

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.66

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.67

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.68

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.69

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.70

- https://www.cve.org/CVERecord?id=CVE-2020-16119

- https://www.cve.org/CVERecord?id=CVE-2021-40490

- https://www.cve.org/CVERecord?id=CVE-2021-41073

Topics%20covered

Topics Covered

security advisory kernel update moderate severity kernel local escalation Mageia socket misuse

Resolution

SRPMS

- 8/core/kernel-linus-5.10.70-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 04 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0460.html
Type: security
CVE: CVE-2020-16119, CVE-2021-40490, CVE-2021-41073

Topics%20covered

Topics Covered

security advisory kernel update moderate severity kernel local escalation Mageia socket misuse

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here