Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Mageia 8: 2021-0490 Moderate: Memory Leak and DoS Threats

mageia
Calendar Grey October 25, 2021
Dist Mageia Esm H88
Kernel-linus updates released to fix a variety of security vulnerabilities in Mageia 8, tackling issues such as memory corruption and Denial of Service risks.
This kernel-linus update is based on upstream 5.10.75 and fixes atleast the following security issues: A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ ccp/c...

Summary

This kernel-linus update is based on upstream 5.10.75 and fixes atleast the following security issues:
A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a denial of service (memory consumption) (CVE-2021-3744).
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an malicious user to cause a denial of service (CVE-2021-3764).
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system (CVE-2021-20321).
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (CVE-2021-41864).
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=29572

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.71

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.72

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.73

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.74

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.75

- https://www.cve.org/CVERecord?id=CVE-2021-3744

- https://www.cve.org/CVERecord?id=CVE-2021-3764

- https://www.cve.org/CVERecord?id=CVE-2021-20321

- https://www.cve.org/CVERecord?id=CVE-2021-41864

Resolution

SRPMS

- 8/core/kernel-linus-5.10.75-1.mga8

Publication date: 25 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0490.html
Type: security
CVE: CVE-2021-3744, CVE-2021-3764, CVE-2021-20321, CVE-2021-41864

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here