Bug 29235

Summary:	Update request: kernel-5.10.48-1.mga8
Product:	Mageia	Reporter:	Thomas Backlund <tmb>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	fri, guillaume.royer, ouaurelien, sysadmin-bugs, tarazed25, wilcal.int
Version:	8	Keywords:	advisory, validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA8-64-OK
Source RPM:	kernel	CVE:
Status comment:

Description Thomas Backlund 2021-07-07 20:40:57 CEST

security and bugfixes, additional hw support

SRPMS:
kernel-5.10.48-1.mga8.src.rpm
kmod-virtualbox-6.1.22-1.10.mga8.src.rpm
kmod-xtables-addons-3.18-1.10.mga8.src.rpm



i586:
bpftool-5.10.48-1.mga8.i586.rpm
cpupower-5.10.48-1.mga8.i586.rpm
cpupower-devel-5.10.48-1.mga8.i586.rpm
kernel-desktop-5.10.48-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-5.10.48-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-5.10.48-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-latest-5.10.48-1.mga8.i586.rpm
kernel-desktop586-latest-5.10.48-1.mga8.i586.rpm
kernel-desktop-devel-5.10.48-1.mga8-1-1.mga8.i586.rpm
kernel-desktop-devel-latest-5.10.48-1.mga8.i586.rpm
kernel-desktop-latest-5.10.48-1.mga8.i586.rpm
kernel-doc-5.10.48-1.mga8.noarch.rpm
kernel-server-5.10.48-1.mga8-1-1.mga8.i586.rpm
kernel-server-devel-5.10.48-1.mga8-1-1.mga8.i586.rpm
kernel-server-devel-latest-5.10.48-1.mga8.i586.rpm
kernel-server-latest-5.10.48-1.mga8.i586.rpm
kernel-source-5.10.48-1.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-5.10.48-1.mga8.noarch.rpm
kernel-userspace-headers-5.10.48-1.mga8.i586.rpm
libbpf0-5.10.48-1.mga8.i586.rpm
libbpf-devel-5.10.48-1.mga8.i586.rpm
perf-5.10.48-1.mga8.i586.rpm

xtables-addons-kernel-5.10.48-desktop-1.mga8-3.18-1.10.mga8.i586.rpm
xtables-addons-kernel-5.10.48-desktop586-1.mga8-3.18-1.10.mga8.i586.rpm
xtables-addons-kernel-5.10.48-server-1.mga8-3.18-1.10.mga8.i586.rpm
xtables-addons-kernel-desktop586-latest-3.18-1.10.mga8.i586.rpm
xtables-addons-kernel-desktop-latest-3.18-1.10.mga8.i586.rpm
xtables-addons-kernel-server-latest-3.18-1.10.mga8.i586.rpm



x86_64:
bpftool-5.10.48-1.mga8.x86_64.rpm
cpupower-5.10.48-1.mga8.x86_64.rpm
cpupower-devel-5.10.48-1.mga8.x86_64.rpm
kernel-desktop-5.10.48-1.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-5.10.48-1.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-latest-5.10.48-1.mga8.x86_64.rpm
kernel-desktop-latest-5.10.48-1.mga8.x86_64.rpm
kernel-doc-5.10.48-1.mga8.noarch.rpm
kernel-server-5.10.48-1.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-5.10.48-1.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-latest-5.10.48-1.mga8.x86_64.rpm
kernel-server-latest-5.10.48-1.mga8.x86_64.rpm
kernel-source-5.10.48-1.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-5.10.48-1.mga8.noarch.rpm
kernel-userspace-headers-5.10.48-1.mga8.x86_64.rpm
lib64bpf0-5.10.48-1.mga8.x86_64.rpm
lib64bpf-devel-5.10.48-1.mga8.x86_64.rpm
perf-5.10.48-1.mga8.x86_64.rpm

virtualbox-kernel-5.10.48-desktop-1.mga8-6.1.22-1.10.mga8.x86_64.rpm
virtualbox-kernel-5.10.48-server-1.mga8-6.1.22-1.10.mga8.x86_64.rpm
virtualbox-kernel-desktop-latest-6.1.22-1.10.mga8.x86_64.rpm
virtualbox-kernel-server-latest-6.1.22-1.10.mga8.x86_64.rpm

xtables-addons-kernel-5.10.48-desktop-1.mga8-3.18-1.10.mga8.x86_64.rpm
xtables-addons-kernel-5.10.48-server-1.mga8-3.18-1.10.mga8.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.18-1.10.mga8.x86_64.rpm
xtables-addons-kernel-server-latest-3.18-1.10.mga8.x86_64.rpm

Comment 1 David Walser 2021-07-09 00:36:32 CEST

Working fine on my 2014 machine with MSI Z87-G43 (MS-7816) mobo, Intel(R) Core(TM) i7-4770K CPU, and AMD Radeon(TM) HD 8800 Series video card (x86_64).

Comment 2 Morgan Leijström 2021-07-09 18:19:57 CEST

Mga8-64 OK here

Was running backport kernel 5.12.13;
downgraded cpupower and kernel-userspace-headers,
installed -5.10.48-1.mga8 of kernel-desktop, kernel-desktop-devel, virtualbox-kernel desktop 

$ uname -a
Linux svarten.tribun 5.10.48-desktop-1.mga8 #1 SMP Wed Jul 7 14:29:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Hardware: My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display.  Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner

dkms status tells me VirtualBox and nvidia-current are OK.
BOINC detects CUDA and OpenCL

Been using it now and then today
Plasma desktop, using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, flatpak Firefox...
Video with sound in Mageia Firefox ESR
Stress test: While working with other things BOINC use all cores to 100%, videos do not stutter in Chrome, nor Firefox ESR but do in flatpak version.

VirtualBox running MSW7 64 bit OK: graphics, window resize, bidirectional clipboard, drag file from Dolphin to Explorer, folder sharing write protected and not, folder sharing, USB2 with plugin from upstream using USB stick, internet video playing in Firefox and Chrome.

CC: (none) => fri

Comment 3 William Kenney 2021-07-09 20:29:25 CEST

On M8 hardware in a Vbox client, M8, Plasma, 64-bit

clear
uname -a
urpmi kernel-desktop-latest
urpmi kernel-userspace-headers
urpmi cpupower

Linux localhost 5.10.46-desktop-1.mga8 #1 SMP Thu Jun 24 14:33:54 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.10.46-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.10.46-1.mga8.x86_64 is already installed
Package cpupower-5.10.46-1.mga8.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

Install kernel-desktop-latest cpupower kernel-userspace-headers from updates testing

The following 6 packages are going to be installed:

- cpupower-5.10.48-1.mga8.x86_64
- glibc-2.32-17.mga8.x86_64
- glibc-devel-2.32-17.mga8.x86_64
- kernel-desktop-5.10.48-1.mga8-1-1.mga8.x86_64
- kernel-desktop-latest-5.10.48-1.mga8.x86_64
- kernel-userspace-headers-5.10.48-1.mga8.x86_64

Reboot system.

Linux localhost 5.10.48-desktop-1.mga8 #1 SMP Wed Jul 7 14:29:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.10.48-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.10.48-1.mga8.x86_64 is already installed
Package cpupower-5.10.48-1.mga8.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

CC: (none) => wilcal.int

Comment 4 William Kenney 2021-07-09 20:32:00 CEST

On real hardware, M8, Plasma, 64-bit

Packages checked:

kernel-desktop-latest virtualbox kernel-userspace-headers
virtualbox-guest-additions virtualbox-kernel-desktop-latest
x11-driver-video-vboxvideo kernel-desktop-devel-latest
cpupower dkms-virtualbox

clear
uname -a
urpmi kernel-desktop-latest
urpmi virtualbox
urpmi x11-driver-video-vboxvideo
urpmi kernel-desktop-devel-latest
urpmi kernel-userspace-headers
urpmi cpupower
urpmi virtualbox-kernel-desktop-latest
urpmi dkms-virtualbox
 
Linux localhost 5.10.46-desktop-1.mga8 #1 SMP Thu Jun 24 14:33:54 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.10.46-1.mga8.x86_64 is already installed
Package virtualbox-6.1.22-1.mga8.x86_64 is already installed
Package x11-driver-video-vboxvideo-1.0.0-6.mga8.x86_64 is already installed
Package kernel-desktop-devel-latest-5.10.46-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.10.46-1.mga8.x86_64 is already installed
Package cpupower-5.10.46-1.mga8.x86_64 is already installed
Package virtualbox-kernel-desktop-latest-6.1.22-1.9.mga8.x86_64 is already installed
Package dkms-virtualbox-6.1.22-1.mga8.x86_64 is already installed
[root@localhost wilcal]# lspic -k
00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07)
        DeviceName: To Be Filled by O.E.M.
        Subsystem: Dell Device 097c
        Kernel driver in use: i915
        Kernel modules: i915

Boots to working desktop

M8   x86_64 Vbox Plasma Client, boots to a working desktop - Screen size correct

install from update_testing:

kernel-desktop-latest kernel-desktop-devel-latest virtualbox-kernel-desktop-latest kernel-userspace-headers cpupower virtualbox-kernel-desktop-latest

The following 8 packages are going to be installed:

- cpupower-5.10.48-1.mga8.x86_64
- glibc-2.32-17.mga8.x86_64
- glibc-devel-2.32-17.mga8.x86_64
- kernel-desktop-5.10.48-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.10.48-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-latest-5.10.48-1.mga8.x86_64
- kernel-desktop-latest-5.10.48-1.mga8.x86_64
- kernel-userspace-headers-5.10.48-1.mga8.x86_64

clear
uname -a
urpmi kernel-desktop-latest
urpmi kernel-desktop-devel-latest
urpmi kernel-userspace-headers
urpmi virtualbox-kernel-desktop-latest
urpmi cpupower
 
Linux localhost 5.10.48-desktop-1.mga8 #1 SMP Wed Jul 7 14:29:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.10.48-1.mga8.x86_64 is already installed
Package kernel-desktop-devel-latest-5.10.48-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.10.48-1.mga8.x86_64 is already installed
Package virtualbox-kernel-desktop-latest-6.1.22-1.10.mga8.x86_64 is already installed
Package cpupower-5.10.48-1.mga8.x86_64 is already installed
[root@localhost wilcal]# lspci -k
00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07)
        DeviceName: To Be Filled by O.E.M.
        Subsystem: Dell Device 097c
        Kernel driver in use: i915
        Kernel modules: i915

Boots to working desktop

M8   x86_64 Vbox Plasma Client, boots to a working desktop - Screen size correct

Comment 5 Thomas Backlund 2021-07-09 20:48:19 CEST

Advisory, added to svn:


type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2020-26541
 - CVE-2021-22543
 - CVE-2021-35039
src:
  8:
   core:
     - kernel-5.10.48-1.mga8
     - kmod-virtualbox-6.1.22-1.10.mga8
     - kmod-xtables-addons-3.18-1.10.mga8
description: |
  This kernel update is based on upstream 5.10.48 and fixes atleast the
  following security issues:

  The Linux kernel through 5.8.13 does not properly enforce the Secure Boot
  Forbidden Signature Database (aka dbx) protection mechanism. This affects
  certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541).

  An issue was discovered in Linux: KVM through Improper handling of VM_IO|
  VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being
  freed while still accessible by the VMM and guest. This allows users with
  the ability to start and control a VM to read/write random pages of memory
  and can result in local privilege escalation (CVE-2021-22543).

  kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature
  Verification. Without CONFIG_MODULE_SIG, verification that a kernel module
  is signed, for loading via init_module, does not occur for a
  module.sig_enforce=1 command-line argument (CVE-2021-35039).

  Other fixes in this update:
  - ahci: Add support for Dell S140 and later controllers
  - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8
  - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445/450/630 G8
  - drm/amdgpu: fix bad address translation for sienna_cichlid
  - drm/sched: Avoid data corruptions
  - net: ip: avoid OOM kills with large UDP sends over loopback
  - iwlwifi: Add support for ax201 in Samsung Galaxy Book Flex2 Alpha
  - virtio_net: Remove BUG() to avoid machine dead

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29235
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.47
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.48

Keywords: (none) => advisory

Comment 6 Len Lawrence 2021-07-10 00:36:13 CEST

Kernel: 5.10.48-desktop-1.mga8 x86_64
10-Core Intel Core i9-7900X
NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 460.84

Rebooted OK.  NFS shares mounted.  NVIDIA GL graphics OK.
Having some problems with bluetooth but everything else is fine.

CC: (none) => tarazed25

Comment 7 Len Lawrence 2021-07-10 03:19:46 CEST

Referring to comment 6:
Using blueman.
Managed to get bluetooth audio working and then bluetooth printing after removing the already configured printer and adding it again.

Comment 8 Guillaume Royer 2021-07-10 20:11:49 CEST

MGA 8 XFCE 64 Core I3 with 4Go Ram. Nvidia GeFore 520M Driver 390 nonfree, Braodcom wl 6.30.223.271-61.mga8.nonfree.

Updated with QA repo:

cpupower                       5.10.48      1.mga8        x86_64  
kernel-desktop-5.10.48-1.mga8  1            1.mga8        x86_64  
kernel-desktop-devel-5.10.48-> 1            1.mga8        x86_64  
kernel-desktop-devel-latest    5.10.48      1.mga8        x86_64  
kernel-desktop-latest          5.10.48      1.mga8        x86_64

No issues after reboot
Bluetooth, switching nvidia driver with mageia prime ok

CC: (none) => guillaume.royer

Comment 9 Aurelien Oudelet 2021-07-12 21:06:01 CEST

$ inxi -SGxx
System:    Host: mageia.local Kernel: 5.10.48-desktop-1.mga8 x86_64 bits: 64 compiler: gcc v: 10.3.0 
           Desktop: KDE Plasma 5.20.4 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM Distro: Mageia 8 mga8 
Graphics:  Device-1: NVIDIA TU116 [GeForce GTX 1660 Ti] vendor: Gigabyte driver: nvidia v: 460.84 
           bus ID: 01:00.0 chip ID: 10de:2182 
           Display: x11 server: Mageia X.org 1.20.11 compositor: kwin_x11 driver: modesetting,nvidia,v4l 
           resolution: 1: 1920x1080~60Hz 2: 1920x1080 s-dpi: 80 
           OpenGL: renderer: GeForce GTX 1660 Ti/PCIe/SSE2 v: 4.6.0 NVIDIA 460.84 direct render: Yes

All running fine since day one.
Firefox, Plasma, Wine (World of Warcraft), nvidia-current in use, sound, bluetooth, WiFi OK, Ethernet OK.

$ inxi -Nxx
Network:   Device-1: Intel Ethernet I219-V vendor: Gigabyte driver: e1000e v: kernel port: f000 
           bus ID: 00:1f.6 chip ID: 8086:15b8 
           Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel port: e000 bus ID: 05:00.0 
           chip ID: 8086:2723

$ inxi -Axx
Audio:     Device-1: Intel 100 Series/C230 Series Family HD Audio vendor: Gigabyte driver: snd_hda_intel 
           v: kernel bus ID: 00:1f.3 chip ID: 8086:a170 
           Device-2: NVIDIA TU116 High Definition Audio vendor: Gigabyte driver: snd_hda_intel v: kernel 
           bus ID: 01:00.1 chip ID: 10de:1aeb 
           Device-3: Logitech HD Pro Webcam C920 type: USB driver: snd-usb-audio,uvcvideo bus ID: 1-5:3 
           chip ID: 046d:08e5 
           Sound Server: ALSA v: k5.10.48-desktop-1.mga8

All OK.
MGA8-64-OK

Validating.

CC: (none) => ouaurelien

Comment 10 Aurelien Oudelet 2021-07-12 21:07:02 CEST

Note that Virtualbox runs also fine, even my Win10 client for some test.

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 11 Mageia Robot 2021-07-12 22:27:59 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0347.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED