Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 8: MGASA-2021-0588 Critical: Kernel DoS Threat Fix

mageia
Calendar Grey December 29, 2021
Dist Mageia Esm H88
The MGASA-2021-0588 kernel upgrade addresses vulnerabilities, particularly possible DoS threats posed by harmful XEN PV backends.
This kernel update is based on upstream 5.15.11 and fixes atleast the following security issues: Potentially malicious XEN PV backends can cause guest DoS due to unhardened fronte...

Summary

This kernel update is based on upstream 5.15.11 and fixes atleast the following security issues:
Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests, even though this ought to have been prevented by containing them within a driver domain. This update fixes the issue tracked as XSA-391: blkfront (CVE-2021-28711), netfront (CVE-2021-28712), hvc_xen (CVE-2021-28713).
The Linux kernel's xen-netback backend driver can be forced by guests to queue arbitrary amounts of network data, finally causing an out of memory situation in the domain the backend is running in (usually dom0). This update fixes the issues tracked as XSA-392 (CVE-2021-28714, CVE-2021-28715).
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry (CVE-2021-45469).
In addition to the upstream changes, we also have added the following fixes: - ALSA: hda/hdmi: Disable silen...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29813

- https://bugs.mageia.org/show_bug.cgi?id=29641

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11

- https://xenbits.xen.org/xsa/advisory-391.html

- https://xenbits.xen.org/xsa/advisory-392.html

- https://www.cve.org/CVERecord?id=CVE-2021-28711

- https://www.cve.org/CVERecord?id=CVE-2021-28712

- https://www.cve.org/CVERecord?id=CVE-2021-28713

- https://www.cve.org/CVERecord?id=CVE-2021-28714

- https://www.cve.org/CVERecord?id=CVE-2021-28715

- https://www.cve.org/CVERecord?id=CVE-2021-45469

Topics%20covered

Topics Covered

security advisory kernel update Mageia guest DoS xen-netback malicious backends network data

Resolution

SRPMS

- 8/core/kernel-5.15.11-3.mga8

- 8/core/kmod-virtualbox-6.1.30-1.7.mga8

- 8/core/kmod-xtables-addons-3.18-1.41.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 29 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0588.html
Type: security
CVE: CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-45469

Topics%20covered

Topics Covered

security advisory kernel update Mageia guest DoS xen-netback malicious backends network data

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here