Bug 28981

Summary: Update request: kernel-linus-5.10.41-1.mga8/7
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: High CC: sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7TOO, MGA7-64-OK, MGA8-64-OK
Source RPM: kernel-linus CVE:
Status comment:

Description Thomas Backlund 2021-05-28 19:32:47 CEST 
Closing down at least one local root exploit

SRPM:
kernel-linus-5.10.41-1.mga8.src.rpm


i586:
kernel-linus-5.10.41-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.10.41-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.10.41-1.mga8.i586.rpm
kernel-linus-doc-5.10.41-1.mga8.noarch.rpm
kernel-linus-latest-5.10.41-1.mga8.i586.rpm
kernel-linus-source-5.10.41-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.41-1.mga8.noarch.rpm


x86_64:
kernel-linus-5.10.41-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.10.41-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.10.41-1.mga8.x86_64.rpm
kernel-linus-doc-5.10.41-1.mga8.noarch.rpm
kernel-linus-latest-5.10.41-1.mga8.x86_64.rpm
kernel-linus-source-5.10.41-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.41-1.mga8.noarch.rpm
Comment 1 Thomas Backlund 2021-05-28 19:36:13 CEST 
Mga 7 rpms:

SRPM:
kernel-linus-5.10.41-1.mga7.src.rpm


i586:
kernel-linus-5.10.41-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-5.10.41-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-latest-5.10.41-1.mga7.i586.rpm
kernel-linus-doc-5.10.41-1.mga7.noarch.rpm
kernel-linus-latest-5.10.41-1.mga7.i586.rpm
kernel-linus-source-5.10.41-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.41-1.mga7.noarch.rpm


x86_64:
kernel-linus-5.10.41-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-5.10.41-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-latest-5.10.41-1.mga7.x86_64.rpm
kernel-linus-doc-5.10.41-1.mga7.noarch.rpm
kernel-linus-latest-5.10.41-1.mga7.x86_64.rpm
kernel-linus-source-5.10.41-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.41-1.mga7.noarch.rpm

Whiteboard: (none) => MGA7TOO
Priority: Normal => High
Summary: Update request: kernel-linus-5.10.41-1.mga8 => Update request: kernel-linus-5.10.41-1.mga8/7

Comment 2 Thomas Backlund 2021-05-28 21:34:38 CEST 
Advisory, added to svn:


type: security
subject: Updated kernel-linus packages fix security vulnerability
CVE:
 - CVE-2021-33200
src:
  8:
   core:
     - kernel-linus-5.10.41-1.mga8
  7:
   core:
     - kernel-linus-5.10.41-1.mga7
description: |
  This kernel-linus update is based on upstream 5.10.37 and fixes atleast
  the following security issue:

  kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect
  limits for pointer arithmetic operations. This can be abused to perform
  out-of-bounds reads and writes in kernel memory, leading to local privilege
  escalation to root. In particular, there is a corner case where the off reg
  causes a masking direction change, which then results in an incorrect final
  aux->alu_limit (CVE-2021-33200).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28981
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.39
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.40
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.41

Keywords: (none) => advisory

Thomas Backlund 2021-05-31 21:11:11 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA7TOO => MGA7TOO, MGA7-64-OK, MGA8-64-OK

Comment 3 Mageia Robot 2021-05-31 22:33:17 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0225.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED