Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Mageia 8 MGASA-2021-0489 Moderate: Kernel Memory Leak Security Advisory

mageia
Calendar Grey October 25, 2021
Dist Mageia Esm H88
The latest kernel patch MGASA-2023-0578 tackles various vulnerabilities in Mageia 9, promoting robustness and safeguarding user data.
This kernel update is based on upstream 5.10.75 and fixes atleast the following security issues: A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ ccp/ccp-ops...

Summary

This kernel update is based on upstream 5.10.75 and fixes atleast the following security issues:
A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a denial of service (memory consumption) (CVE-2021-3744).
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an malicious user to cause a denial of service (CVE-2021-3764).
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system (CVE-2021-20321).
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (CVE-2021-41864).
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=29571

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.71

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.72

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.73

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.74

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.75

- https://www.cve.org/CVERecord?id=CVE-2021-3744

- https://www.cve.org/CVERecord?id=CVE-2021-3764

- https://www.cve.org/CVERecord?id=CVE-2021-20321

- https://www.cve.org/CVERecord?id=CVE-2021-41864

Topics%20covered

Topics Covered

security advisory denial of service kernel update memory leak mageia

Resolution

SRPMS

- 8/core/kernel-5.10.75-1.mga8

- 8/core/kmod-virtualbox-6.1.28-1.2.mga8

- 8/core/kmod-xtables-addons-3.18-1.25.mga8

Publication date: 25 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0489.html
Type: security
CVE: CVE-2021-3744, CVE-2021-3764, CVE-2021-20321, CVE-2021-41864

Topics%20covered

Topics Covered

security advisory denial of service kernel update memory leak mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here