| Summary: | Update request: kernel-linus-5.10.33-1.mga8/7 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | ouaurelien, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | ||
| Source RPM: | kernel-linus | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2021-04-30 12:08:03 CEST
Mga7 rpms:

SRPMS:
kernel-linus-5.10.33-1.mga7-1-1.mga7.src.rpm

i586:
kernel-linus-5.10.33-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-5.10.33-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-latest-5.10.33-1.mga7.i586.rpm
kernel-linus-doc-5.10.33-1.mga7.noarch.rpm
kernel-linus-latest-5.10.33-1.mga7.i586.rpm
kernel-linus-source-5.10.33-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.33-1.mga7.noarch.rpm

x86_64:
kernel-linus-5.10.33-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-5.10.33-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-latest-5.10.33-1.mga7.x86_64.rpm
kernel-linus-doc-5.10.33-1.mga7.noarch.rpm
kernel-linus-latest-5.10.33-1.mga7.x86_64.rpm
kernel-linus-source-5.10.33-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.33-1.mga7.noarch.rpm

Summary:
Update request: kernel-linus-5.10.33-1.mga8 =>
Update request: kernel-linus-5.10.33-1.mga8/7
Advisory, added to svn:
type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
  - CVE-2021-23133
  - CVE-2021-29155
src:
  8:
    core:
      - kernel-linus-5.10.33-1.mga8
  7:
    core:
      - kernel-linus-5.10.33-1.mga7
description: |
  This kernel-linus update is based on upstream 5.10.33 and fixes at least the
  following security issues:

  A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before
  5.12-rc8 can lead to kernel privilege escalation from the context of a
  network service or an unprivileged process. If sctp_destroy_sock is called
  without sock_net(sk)->sctp.addr_wq_lock then an element is removed from
  the auto_asconf_splist list without any proper locking. This can be
  exploited by an attacker with network service privileges to escalate to
  root or from the context of an unprivileged user directly if a
  BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some
  SCTP socket (CVE-2021-23133).

  An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/
  verifier.c performs undesirable out-of-bounds speculation on pointer
  arithmetic, leading to side-channel attacks that defeat Spectre mitigations
  and obtain sensitive information from kernel memory. Specifically, for
  sequences of pointer arithmetic operations, the pointer modification
  performed by the first operation is not correctly accounted for when
  restricting subsequent operations (CVE-2021-29155).

  For other upstream fixes, see the referenced changelogs.
references:
  - https://bugs.mageia.org/show_bug.cgi?id=28858
  - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.31
  - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.32
  - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.33

Keywords:
(none) =>
advisory

Updated without source packages. Removed a slew of mga7 kernel packages left over from the recent mga7->mga8 upgrade and ran `drakboot --boot` before rebooting.

Kernel: 5.10.33-1.mga8 x86_64
Mobo: MSI model: Z97-G43 (MS-7816)
Quad Core Intel Core i7-4790 [MT MCP]
NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 460.73.01

NFS shares mounted from fstab.
Virtualbox launches Mageia 32-bit and 64-bit clients - working desktops.
Common desktop applications work.
vlc with pulseaudio plays videos.
Logged in to another workstation on the LAN with ssh.
Ran stress tests, glmark2, teapot, glxspheres.
Installed and launched qgis.
Ran stellarium, opened GIMP on an image and manipulated it.
Played kmahjongg.
Leaving this to run.

CC:
(none) =>
tarazed25

System:
Host: mageia.local Kernel: 5.10.33-1.mga8 x86_64 bits: 64
Desktop: KDE Plasma 5.20.4 Distro: Mageia 8 mga8
Installing:
kernel-linus-latest-5.10.33-1.mga8.x86_64
kernel-linus-devel-latest-5.10.33-1.mga8.x86_64
kernel-linus-5.10.33-1.mga8-1-1.mga8.x86_64
kernel-linus-devel-5.10.33-1.mga8-1-1.mga8.x86_64
Rebooting with Grub2 making sure it loads kernel-linus
(no mention of -desktop or -server in the version name)
Graphics: Device-1: NVIDIA TU116 [GeForce GTX 1660 Ti] driver: nvidia v: 460.73.01
Display: x11 server: Mageia X.org 1.20.11 driver: nvidia,v4l resolution: 1: 1920x1080~60Hz 2: 1920x1080
OpenGL: renderer: GeForce GTX 1660 Ti/PCIe/SSE2 v: 4.6.0 NVIDIA 460.73.01
Audio: Device-1: Intel 100 Series/C230 Series Family HD Audio driver: snd_hda_intel
Device-2: NVIDIA TU116 High Definition Audio driver: snd_hda_intel
Device-3: Logitech HD Pro Webcam C920 type: USB driver: snd-usb-audio,uvcvideo
Sound Server: ALSA v: k5.10.33-1.mga8
Network: Device-1: Intel Ethernet I219-V driver: e1000e
Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi
All working OK.
Note: dkms drivers for nvidia were rebuilt before with 5.10.33-desktop.

CC:
(none) =>
ouaurelien

System:
Host: mageia2.local Kernel: 5.10.33-1.mga7 x86_64 bits: 64
Desktop: KDE Plasma 5.15 Distro: Mageia 7 mga7
Installing:
kernel-linus-latest-5.10.33-1.mga7.x86_64
kernel-linus-devel-latest-5.10.33-1.mga7.x86_64
kernel-linus-5.10.33-1.mga7-1-1.mga7.x86_64
kernel-linus-devel-5.10.33-1.mga7-1-1.mga7.x86_64
Rebooting with Grub2 making sure it loads kernel-linus
(no mention of -desktop or -server in the version name)
All working OK (WiFi, Bluetooth, Nvidia Geforce GTX 670).
Note: dkms drivers for nvidia were rebuilt before with 5.10.33-desktop.

MGA7-64-OK MGA8-64-OK for comment 4. Validating.

Whiteboard:
MGA7TOO =>
MGA7TOO MGA7-64-OK MGA8-64-OK

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0205.html

Resolution:
(none) =>
FIXED |