1 |
type: security |
2 |
subject: Updated kernel packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2021-3760 |
5 |
- CVE-2021-3772 |
6 |
- CVE-2021-42327 |
7 |
- CVE-2021-42739 |
8 |
- CVE-2021-43267 |
9 |
- CVE-2021-43389 |
10 |
src: |
11 |
8: |
12 |
core: |
13 |
- kernel-5.10.78-1.mga8 |
14 |
- kmod-virtualbox-6.1.28-1.4.mga8 |
15 |
- kmod-xtables-addons-3.18-1.28.mga8 |
16 |
- wireguard-tools-1.0.20210914-1.mga8 |
17 |
description: | |
18 |
This kernel update is based on upstream 5.10.78 and fixes atleast the |
19 |
following security issues: |
20 |
|
21 |
A use-after-free vulnerability in the NFC stack can lead to a threat to |
22 |
confidentiality, integrity, and system availability (CVE-2021-3760). |
23 |
|
24 |
A flaw in the SCTP stack where a blind attacker may be able to kill an |
25 |
existing SCTP association through invalid chunks if the attacker knows |
26 |
the IP-addresses and port numbers being used and the attacker can send |
27 |
packets with spoofed IP addresses (CVE-2021-3772). |
28 |
|
29 |
A flaw heap buffer overflow in the Linux kernel's AMD Radeon graphics |
30 |
card driver was found in the way user writes some malicious data to the |
31 |
AMD GPU Display Driver Debug Filesystem (to the VGA sub-directory of the |
32 |
/sys/kernel/debug/ directory). A local user could use this flaw to crash |
33 |
the system or escalate their privileges on the system (CVE-2021-42327). |
34 |
|
35 |
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer |
36 |
overflow related to drivers/media/firewire/firedtv-avc.c and |
37 |
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles |
38 |
bounds checking (CVE-2021-42739). |
39 |
|
40 |
A flaw was discovered in the cryptographic receive code in the Linux |
41 |
kernel's implementation of transparent interprocess communication. An |
42 |
attacker, with the ability to send TIPC messages to the target, can |
43 |
corrupt memory and escalate privileges on the target system |
44 |
(CVE-2021-43267). |
45 |
|
46 |
An issue was discovered in the Linux kernel before 5.14.15. There is an |
47 |
array-index-out-of-bounds flaw in the detach_capi_ctr function in |
48 |
drivers/isdn/capi/kcapi.c (CVE-2021-43389). |
49 |
|
50 |
wireguard-tools are updated to 1.0.20210914. |
51 |
|
52 |
For other upstream fixes, see the referenced changelogs. |
53 |
references: |
54 |
- https://bugs.mageia.org/show_bug.cgi?id=29628 |
55 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.76 |
56 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.77 |
57 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.78 |
58 |
ID: MGASA-2021-0507 |