| Summary: | Update reqest: kernel-5.10.14-1.mga7 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, herman.viaene, jim, sysadmin-bugs, tarazed25, wilcal.int |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK, MGA7-32-OK | ||
| Source RPM: | kernel | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2021-02-10 16:28:37 CET
advisory, added to svn:
type: security
subject: Updated kernel packages fix security vulnerability
CVE:
- CVE-2021-26708
src:
7:
core:
- kernel-5.10.14-1.mga7
- kmod-virtualbox-6.1.18-6.mga7
- kmod-xtables-addons-3.13-12.mga7
description: |
This kernel update is based on upstream 5.10.14 and fixes atleast the
following security issues:
A local privilege escalation was discovered in the Linux kernel before
5.10.13. Multiple race conditions in the AF_VSOCK implementation are
caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).
It also adds the following fixes:
- make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)
- drm/amd/display: Revert "Fix EDID parsing after resume from suspend"
- drm/amdgpu: fix the issue that retry constantly once the buffer is oversize
- drm/amdgpu: set default value of noretry to 1 for vega10
- drm/amdgpu: default noretry=0 for navi1x and newer
- drm/amdkfd: fix null pointer panic while free buffer in kfd
- mm: thp: fix MADV_REMOVE deadlock on shmem THP
For other upstream fixes, see the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=28340
- https://bugs.mageia.org/show_bug.cgi?id=28312
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14Keywords:
(none) =>
advisory In a Vbox client, M7.1, Gnome, 32-bit Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop586-latest cpupower from updates testing The following 3 packages are going to be installed: - cpupower-5.10.14-1.mga7.i586 - kernel-desktop586-5.10.14-1.mga7-1-1.mga7.i586 - kernel-desktop586-latest-5.10.14-1.mga7.i586 Reboot system. Boots to a working desktop. Screen resolution is correct. Common apps work. CC:
(none) =>
wilcal.int In a Vbox client, M7.1, Plasma, 64-bit Testing: kernel-desktop-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 5.10.12-desktop-1.mga7 #1 SMP Sat Jan 30 14:29:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop-latest cpupower from updates testing The following 3 packages are going to be installed: - cpupower-5.10.14-1.mga7.x86_64 - kernel-desktop-5.10.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-latest-5.10.14-1.mga7.x86_64 Reboot system. [root@localhost wilcal]# uname -a Linux localhost 5.10.14-desktop-1.mga7 #1 SMP Sun Feb 7 19:36:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux Boots to a working desktop. Screen resolution is correct. Common apps work. On real hardware, M8, Plasma, 64-bit
initial status:
[root@localhost wilcal]# uname -a
Linux localhost 5.10.12-desktop-1.mga7 #1 SMP Sat Jan 30 14:29:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
M7.1 x86_64 Plasma boots to a working desktop
Runs as a Vbox client. Works just fine. Boots to a working desktop.
install from update_testing:
kernel-desktop-latest
virtualbox-guest-additions virtualbox-kernel-desktop-latest
x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower
The following 7 packages are going to be installed:
- cpupower-5.10.14-1.mga7.x86_64
- kernel-desktop-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.10.14-1.mga7.x86_64
- kernel-desktop-latest-5.10.14-1.mga7.x86_64
- virtualbox-kernel-5.10.14-desktop-1.mga7-6.1.18-6.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.1.18-6.mga7.x86_64
[root@localhost wilcal]# uname -a
Linux localhost 5.10.14-desktop-1.mga7 #1 SMP Sun Feb 7 19:36:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Mageia-7,1-Plasma-x86_64
Runs as a Vbox client. Works just fine. Boots to a working desktop.
Mageia-8-Plama-x86_64
Runs as a Vbox client. Works just fine. Boots to a working desktop.
Kernel: 5.10.14-desktop-1.mga7 x86_64 10-Core: Intel Core i9-7900X type: MT MCP NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia No problems with this. Desktop re-established.Ran four stress tests concurrently. $ cpupower frequency-info analyzing CPU 0: driver: intel_pstate ..... $ perf test <OK> NAS and NFS shares OK. Leaving this to run on production system. CC:
(none) =>
tarazed25 x2-3800 - running nouveau (304) - phys machine The following 3 packages are going to be installed: - cpupower-5.10.14-1.mga7.i586 - kernel-server-5.10.14-1.mga7-1-1.mga7.i586 - kernel-server-latest-5.10.14-1.mga7.i586 rebooted ----- $ uname -a Linux localhost 5.10.14-server-1.mga7 #1 SMP Sun Feb 7 20:40:52 UTC 2021 i686 i686 i386 GNU/Linux I've spent a day using the web-server and file server configured on it. No issues. CC:
(none) =>
brtians1 on mga7-64 kernel-desktop plasma Packages installed cleanly: - cpupower-5.10.14-1.mga7.x86_64 - kernel-desktop-5.10.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.10.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.10.14-1.mga7.x86_64 - kernel-desktop-latest-5.10.14-1.mga7.x86_64 - kernel-userspace-headers-5.10.14-1.mga7.x86_64 - virtualbox-kernel-5.10.14-desktop-1.mga7-6.1.18-6.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.1.18-6.mga7.x86_64 system re-booted normally: uname -r 5.10.14-desktop-1.mga7 # dkms status virtualbox, 6.1.18-1.mga7, 5.10.14-desktop-1.mga7, x86_64: installed virtualbox, 6.1.18-1.mga7, 5.10.14-desktop-1.mga7, x86_64: installed-binary from 5.10.14-desktop-1.mga7 no regressions observed vbox and client launched normally looks OK for mga7-64 on this system: Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1 CPU: Intel Core i7-6700 Graphics: Intel HD Graphics 530 (Skylake GT2) CC:
(none) =>
jim Kernel: 5.10.14-desktop-1.mga7 x86_64 Asus Aorus X5 laptop Quad Core: Intel Core i7-5700HQ type: MT MCP Twin nvidia graphics cards - one in use NVIDIA GM204M [GeForce GTX 965M] driver: nvidia 460.32.03 Intel Wireless 7265 driver: iwlwifi Installation without issues # drakboot --boot Rebooted smoothly to Mate desktop, wifi running. Ran a few stress tests, which made the fans spin. glmark2 does not run but glxspheres does. Disabling Sync to Vblank multiplies the frame rate by a factor of 25. Bluetooth audio working fine. Video works with vlc. Desktop applications like LO writer, thunar, ristretto, FrozenBubble work as expected. Tried stellarium, MCC, and atril (viewed the laptop PDF manual). Ran `perf test`; 82 tests, some skips and a a dozen failures. $ cpupower frequency-info analyzing CPU 0: driver: intel_cpufreq CPUs which run at the same hardware frequency: 0 CPUs which need to have their frequency coordinated by software: 0 maximum transition latency: 20.0 us hardware limits: 800 MHz - 3.50 GHz ...... So far, no problems. AMD X3-450, Vidia 730GT (390) The following 6 packages are going to be installed: - cpupower-5.10.14-1.mga7.x86_64 - kernel-desktop-5.10.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.10.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.10.14-1.mga7.x86_64 - kernel-desktop-latest-5.10.14-1.mga7.x86_64 - kernel-userspace-headers-5.10.14-1.mga7.x86_64 119MB of additional disk space will be used. --- after reboot # uname -a Linux localhost 5.10.14-desktop-1.mga7 #1 SMP Sun Feb 7 19:36:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux # lsmod | grep nvidia nvidia_drm 53248 1 nvidia_modeset 1056768 22 nvidia_drm nvidia 15831040 784 nvidia_modeset ipmi_msghandler 69632 2 ipmi_devintf,nvidia drm_kms_helper 262144 1 nvidia_drm drm 593920 5 drm_kms_helper,nvidia_drm,ttm working as designed Dell Inspiron 5100, 32-bit P4, 2GB RAM, Radeon RV200 (m7500) graphics, Atheros AR2413/AR2414 wifi, 32-bit Xfce system, using the desktop kernel. No installation issues. After reboot, no issues noted. Looks OK on this hardware. The 5.10.14 desktop kernel also looks to be working on this hardware in Mageia 8. CC:
(none) =>
andrewsfarm MGA7-64 MATE on Peaq C1011 No installation issues. Kernel running now. No problems encountered acessing NFS shares, wifi network, using odt, doc, ods, odp, jpag,avi files CC:
(none) =>
herman.viaene thanks for the tests, flushing out Whiteboard:
(none) =>
MGA7-64-OK, MGA7-32-OK An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0084.html Resolution:
(none) =>
FIXED |