| Summary: | Update request: kernel-linus-5.10.14-1.mga7 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | kernel-linus | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2021-02-10 16:28:46 CET
advisory, added to svn
type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
- CVE-2021-3348
- CVE-2021-26708
src:
7:
core:
- kernel-linus-5.10.14-1.mga7
description: |
This kernel-linus update is based on upstream 5.10.14 and fixes atleast
the following security issues:
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12
has an ndb_queue_rq use-after-free that could be triggered by local
attackers (with access to the nbd device) via an I/O request at a
certain point during device setup (CVE-2021-3348).
A local privilege escalation was discovered in the Linux kernel before
5.10.13. Multiple race conditions in the AF_VSOCK implementation are
caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).
It also adds the following fixes:
- make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)
For other upstream fixes, see the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=28341
- https://bugs.mageia.org/show_bug.cgi?id=28312
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14Keywords:
(none) =>
advisory After update: Kernel: 5.10.14-1.mga7 x86_64 Quad Core: Intel Core i7-4790 type: MT MCP NVIDIA GM204 [GeForce GTX 970] driver: nouveau As usual this gave the user the runaround when rebooting - "There has been a display driver change". Rebooting at that stage does not help; the system goes into the same state, so it is an endless loop. Impossible to get a virtual console because two processes alternate at high frequency - the stalled boot sequence and the command-line. Since linus is incompatible with the nvidia driver the graphics driver needs to be changed at this point. The only way to break the loop is to boot to runlevel 3 and run drakx11. That is what worked here. The upshot of this is that if you are running the nvidia graphics driver install a free driver *before* rebooting. The Mate desktop came up unchanged. Thunderbird launched without destroying the user's profile (so it looks like only new versions of tbird do any damage). The rest of the desktop appears to be working OK so this will be left to run for a couple of days. CC:
(none) =>
tarazed25 Kernel: 5.10.14-1.mga7 x86_64 Laptop System: LENOVO product: 9541 v: Lenovo IdeaPad Y500 Quad Core: Intel Core i7-3630QM type: MT MCP NVIDIA GK107M [GeForce GT 650M] driver: nouveau Installed nouveau before updating and rebooting. Rebooted smoothly but rebuilt and installed the nvidia driver on every boot. Desktop working fine. Not spending much time on this; just stress tests and checking a few applications. No regressions noted. thanks for the tests, flushing out Whiteboard:
(none) =>
MGA7-64-OK An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0085.html Status:
NEW =>
RESOLVED |