Bug 28262

Summary: Update request: kernel-linus-5.10.12-1.mga7
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: High CC: ouaurelien, sysadmin-bugs
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: kernel-linus CVE:
Status comment:

Description Thomas Backlund 2021-01-30 18:43:07 CET 
This 5.10.12 update closes this security issue:

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel (CVE-2021-3347).

SRPMS:
kernel-linus-5.10.12-1.mga7.src.rpm


i586:
kernel-linus-5.10.12-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-5.10.12-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-latest-5.10.12-1.mga7.i586.rpm
kernel-linus-doc-5.10.12-1.mga7.noarch.rpm
kernel-linus-latest-5.10.12-1.mga7.i586.rpm
kernel-linus-source-5.10.12-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.12-1.mga7.noarch.rpm


x86_64:
kernel-linus-5.10.12-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-5.10.12-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-latest-5.10.12-1.mga7.x86_64.rpm
kernel-linus-doc-5.10.12-1.mga7.noarch.rpm
kernel-linus-latest-5.10.12-1.mga7.x86_64.rpm
kernel-linus-source-5.10.12-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.12-1.mga7.noarch.rpm
Thomas Backlund 2021-01-30 18:43:20 CET

Priority: Normal => High

Comment 1 Thomas Backlund 2021-01-30 19:00:53 CET 
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerability
CVE:
 - CVE-2021-3347
src:
  7:
   core:
     - kernel-linus-5.10.12-1.mga7
description: |
  This kernel-linus update is based on upstream 5.10.11 and fixes atleast the
  following security issue:

  An issue was discovered in the Linux kernel through 5.10.11. PI futexes
  have a kernel stack use-after-free during fault handling, allowing local
  users to execute code in the kernel (CVE-2021-3347).

  For other upstream fixes, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28262
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.12

Keywords: (none) => advisory

Comment 2 Aurelien Oudelet 2021-02-01 15:25:07 CET 
M7 Plasma X86_64, Classic ISO.
Runs well.
Basic usage OK.
nvidia-current is OK through DKMS.

All peripherals are OK.
Validating, as Kernel-desktop/server with Mageia preset have been already flushed out.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK
CC: (none) => ouaurelien, sysadmin-bugs

Comment 3 Mageia Robot 2021-02-01 18:54:50 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0062.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED