| Summary: | Update request: kernel-5.10.41-1.mga8/7 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | High | CC: | brtians1, fri, herman.viaene, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO, MGA8-64-OK, MGA7-64-OK | ||
| Source RPM: | kernel | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2021-05-28 19:24:51 CEST
Mga 7 rpms:

SRPMS:
kernel-5.10.41-1.mga7.src.rpm
kmod-virtualbox-6.1.22-1.5.mga7.src.rpm
kmod-xtables-addons-3.13-27.mga7.src.rpm

i586:
bpftool-5.10.41-1.mga7.i586.rpm
cpupower-5.10.41-1.mga7.i586.rpm
cpupower-devel-5.10.41-1.mga7.i586.rpm
kernel-desktop-5.10.41-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-5.10.41-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-5.10.41-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-latest-5.10.41-1.mga7.i586.rpm
kernel-desktop586-latest-5.10.41-1.mga7.i586.rpm
kernel-desktop-devel-5.10.41-1.mga7-1-1.mga7.i586.rpm
kernel-desktop-devel-latest-5.10.41-1.mga7.i586.rpm
kernel-desktop-latest-5.10.41-1.mga7.i586.rpm
kernel-doc-5.10.41-1.mga7.noarch.rpm
kernel-server-5.10.41-1.mga7-1-1.mga7.i586.rpm
kernel-server-devel-5.10.41-1.mga7-1-1.mga7.i586.rpm
kernel-server-devel-latest-5.10.41-1.mga7.i586.rpm
kernel-server-latest-5.10.41-1.mga7.i586.rpm
kernel-source-5.10.41-1.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.10.41-1.mga7.noarch.rpm
kernel-userspace-headers-5.10.41-1.mga7.i586.rpm
libbpf0-5.10.41-1.mga7.i586.rpm
libbpf-devel-5.10.41-1.mga7.i586.rpm
perf-5.10.41-1.mga7.i586.rpm
xtables-addons-kernel-5.10.41-desktop-1.mga7-3.13-27.mga7.i586.rpm
xtables-addons-kernel-5.10.41-desktop586-1.mga7-3.13-27.mga7.i586.rpm
xtables-addons-kernel-5.10.41-server-1.mga7-3.13-27.mga7.i586.rpm
xtables-addons-kernel-desktop586-latest-3.13-27.mga7.i586.rpm
xtables-addons-kernel-desktop-latest-3.13-27.mga7.i586.rpm
xtables-addons-kernel-server-latest-3.13-27.mga7.i586.rpm

x86_64:
bpftool-5.10.41-1.mga7.x86_64.rpm
cpupower-5.10.41-1.mga7.x86_64.rpm
cpupower-devel-5.10.41-1.mga7.x86_64.rpm
kernel-desktop-5.10.41-1.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-5.10.41-1.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-latest-5.10.41-1.mga7.x86_64.rpm
kernel-desktop-latest-5.10.41-1.mga7.x86_64.rpm
kernel-doc-5.10.41-1.mga7.noarch.rpm
kernel-server-5.10.41-1.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-5.10.41-1.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-latest-5.10.41-1.mga7.x86_64.rpm
kernel-server-latest-5.10.41-1.mga7.x86_64.rpm
kernel-source-5.10.41-1.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.10.41-1.mga7.noarch.rpm
kernel-userspace-headers-5.10.41-1.mga7.x86_64.rpm
lib64bpf0-5.10.41-1.mga7.x86_64.rpm
lib64bpf-devel-5.10.41-1.mga7.x86_64.rpm
perf-5.10.41-1.mga7.x86_64.rpm
virtualbox-kernel-5.10.41-desktop-1.mga7-6.1.22-1.5.mga7.x86_64.rpm
virtualbox-kernel-5.10.41-server-1.mga7-6.1.22-1.5.mga7.x86_64.rpm
virtualbox-kernel-desktop-latest-6.1.22-1.5.mga7.x86_64.rpm
virtualbox-kernel-server-latest-6.1.22-1.5.mga7.x86_64.rpm
xtables-addons-kernel-5.10.41-desktop-1.mga7-3.13-27.mga7.x86_64.rpm
xtables-addons-kernel-5.10.41-server-1.mga7-3.13-27.mga7.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.13-27.mga7.x86_64.rpm
xtables-addons-kernel-server-latest-3.13-27.mga7.x86_64.rpm

Whiteboard: (none) => MGA7TOO
Advisory, added to svn:

type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2021-3564
 - CVE-2021-33200
src:
  8:
   core:
     - kernel-5.10.41-1.mga8
     - kmod-virtualbox-6.1.22-1.5.mga8
     - kmod-xtables-addons-3.18-1.5.mga8
  7:
   core:
     - kernel-5.10.41-1.mga7
     - kmod-virtualbox-6.1.22-1.5.mga7
     - kmod-xtables-addons-3.13-27.mga7
description: |
  This kernel update is based on upstream 5.10.41 and fixes at least the
  following security issues:

  A double-free memory corruption in the Linux kernel HCI device
  initialization subsystem was found in the way a user attaches a malicious
  HCI TTY Bluetooth device. A local user could use this flaw to crash the
  system (CVE-2021-3564).

  kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect
  limits for pointer arithmetic operations. This can be abused to perform
  out-of-bounds reads and writes in kernel memory, leading to local privilege
  escalation to root. In particular, there is a corner case where the off reg
  causes a masking direction change, which then results in an incorrect final
  aux->alu_limit (CVE-2021-33200).

  Other fixes in this update:
  - proc: Check /proc/$pid/attr/ writes against file opener

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28980
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.39
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.40
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.41

Keywords: (none) => advisory

Mga8-64 OK here
Downgraded from 5.12.8 ;
uninstalled cpupower 5.12.8, then installed
- cpupower-5.10.41-1.mga8.x86_64
- kernel-desktop-5.10.41-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.10.41-1.mga8-1-1.mga8.x86_64
- virtualbox-kernel-5.10.41-desktop-1.mga8-6.1.22-1.5.mga8.x86_64
Everything is updated to testing, and reboot,
$ uname -a
Linux svarten.tribun 5.10.41-desktop-1.mga8 #1 SMP Fri May 28 14:12:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Hardware: My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display. Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner
dkms status tells me VirtualBox and nvidia-current are OK.
BOINC detects CUDA and OpenCL
Plasma desktop, using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, flatpak Firefox...
Video with sound in Mageia Firefox ESR
Stress test: While working with other things BOINC uses all cores to 100%, videos do not stutter.
VirtualBox running MSW7 64 bit OK: graphics, window resize, bidirectional clipboard, drag file from Dolphin to Explorer, folder sharing write protected and not, folder sharing, USB2 with plugin from upstream, internet video playing in Firefox

CC: (none) => fri

MGA7-64 Plasma on Lenovo B50, all Intel HW.
No installation issues.
Firefox internet access OK, tested different file types (pdf, xls, odt, odb, odp, avi, jpg .....) all OK.

CC: (none) => herman.viaene

Quick, smooth reboot.
Kernel: 5.10.41-desktop-1.mga7 x86_64
Quad Core: Intel Core i7-4790 type: MT MCP
NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 460.80
NFS shares already remounted.
Maté desktop running fine.
teapot, glxspheres delivering high frame rates with no Sync to VBLANK.
glmark2 average was 6853 fps with 690 processes loaded.
$ perf test
looked the same as usual.
$ cpupower -c 2-5 frequency-info
reports range of 2.6 - 3.5 GHz.
Checked vlc video, pavucontrol, pulseaudio, ruby, LO writer, MCC, LAN network operations, okular, stellarium, rsync, emacs, Firefox, wifi printing, wget to retrieve METAR data from ftp website.
Looks good so far.

CC: (none) => tarazed25
Thomas Backlund
2021-05-31 12:09:28 CEST
Whiteboard: MGA7TOO => MGA7TOO, MGA8-64-OK, MGA7-64-OK

MGA7 - Plasma Phy Hardware - AMD, Nvidia 390 driver, desktop installed cpupower, kernel, kernel-dev and rebooted
$ uname -a
Linux localhost 5.10.41-desktop-1.mga7 #1 SMP Fri May 28 14:28:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
# lsmod | grep nvidia
nvidia_drm 53248 1
nvidia_modeset 1056768 24 nvidia_drm
nvidia 15831040 866 nvidia_modeset
ipmi_msghandler 69632 2 ipmi_devintf,nvidia
drm_kms_helper 262144 1 nvidia_drm
drm 593920 5 drm_kms_helper,nvidia_drm,ttm
System is working as designed

CC: (none) => brtians1
Thomas Backlund
2021-05-31 21:10:44 CEST
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0224.html

Resolution: (none) => FIXED |