Bug 29313

Summary: Update request: kernel-linus-5.10.56-1.mga8
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs, tarazed25
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: kernel-linus CVE:
Status comment:

Description Thomas Backlund 2021-07-31 19:58:38 CEST 
Security and bugfixes, and regression fixes for:

renesas usb pci stopped working:
https://bugs.mageia.org/show_bug.cgi?id=29285

some systems booting slowly or not at all after kernel >= 5.10.50


SRPMS:
kernel-linus-5.10.55-1.mga8.src.rpm



i586:
kernel-linus-5.10.55-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.10.55-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.10.55-1.mga8.i586.rpm
kernel-linus-doc-5.10.55-1.mga8.noarch.rpm
kernel-linus-latest-5.10.55-1.mga8.i586.rpm
kernel-linus-source-5.10.55-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.55-1.mga8.noarch.rpm



x86_64:
kernel-linus-5.10.55-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.10.55-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.10.55-1.mga8.x86_64.rpm
kernel-linus-doc-5.10.55-1.mga8.noarch.rpm
kernel-linus-latest-5.10.55-1.mga8.x86_64.rpm
kernel-linus-source-5.10.55-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.55-1.mga8.noarch.rpm
Comment 1 Thomas Backlund 2021-08-02 16:37:47 CEST 
putting on hold, new kernels coming to fix more spectre security issues.

Keywords: (none) => feedback

Comment 2 Len Lawrence 2021-08-02 19:25:07 CEST 
Kernel: 5.10.55-1.mga8 x86_64
Quad Core Intel Core i7-4790 
NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 460.84

Smooth reboot.  Mate desktop.  Virtualbox, nvidia graphics, networking, bluetooth audio all working fine.

CC: (none) => tarazed25

Comment 3 Thomas Backlund 2021-08-04 17:05:55 CEST 
new set:

SRPM:
kernel-linus-5.10.56-1.mga8.src.rpm


i586:
kernel-linus-5.10.56-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.10.56-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.10.56-1.mga8.i586.rpm
kernel-linus-doc-5.10.56-1.mga8.noarch.rpm
kernel-linus-latest-5.10.56-1.mga8.i586.rpm
kernel-linus-source-5.10.56-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.56-1.mga8.noarch.rpm


x86_64:
kernel-linus-5.10.56-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.10.56-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.10.56-1.mga8.x86_64.rpm
kernel-linus-doc-5.10.56-1.mga8.noarch.rpm
kernel-linus-latest-5.10.56-1.mga8.x86_64.rpm
kernel-linus-source-5.10.56-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.56-1.mga8.noarch.rpm

Keywords: feedback => (none)
Summary: Update request: kernel-linus-5.10.55-1.mga8 => Update request: kernel-linus-5.10.56-1.mga8

Comment 4 Len Lawrence 2021-08-05 16:12:40 CEST 
Kernel: 5.10.56-1.mga8 x86_64
10-Core Intel Core i9-7900X [MT MCP]
Mobo: ASUSTeK model: TUF X299 MARK 2
NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 460.84 

This is a production machine with four system partitions.
Rebooted to Mate with everything up and running.
$ stress -c 7 -m 3 -i 2 -d 3 -t 25
stress: info: [53355] dispatching hogs: 7 cpu, 2 io, 3 vm, 3 hdd
Most tests completed normally but the disk operations continued for a long time but eventually completed.
Note that this happens from time to time.
GL graphics tests OK with free VSync.
Bluetooth audio working as before, no configuration needed.
Comment 5 Len Lawrence 2021-08-06 10:55:04 CEST 
Smooth reboot to Mate with nvdis graphics driver.

Kernel: 5.10.56-1.mga8 x86_64
Quad Core Intel Core i7-4790
NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 460.84

stress tests completed normally.
$ perf test
15 failures in 82 tests.
frequency info for selected cores from cpupower.
glmark2, teapot etc. OK.
Installed blues, blueman.  Set up bluetooth audio.
Virtualbox running fine.
Comment 6 Thomas Backlund 2021-08-07 10:49:03 CEST 
Advisory, added to svn

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2021-34556
 - CVE-2021-35477
src:
  8:
   core:
     - kernel-linus-5.10.56-1.mga8
description: |
  This kernel-linus update is based on upstream 5.10.56 and fixes atleast
  the following security issues:

  In the Linux kernel through 5.13.7, an unprivileged BPF program can
  obtain sensitive information from kernel memory via a Speculative Store
  Bypass side-channel attack because the protection mechanism neglects the
  possibility of uninitialized memory locations on the BPF stack
  (CVE-2021-34556).

  In the Linux kernel through 5.13.7, an unprivileged BPF program can
  obtain sensitive information from kernel memory via a Speculative Store
  Bypass side-channel attack because a certain preempting store operation
  does not necessarily occur before a store operation that has an
  attacker-controlled value (CVE-2021-35477).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29313
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.53
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.54
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.55
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.56

Keywords: (none) => advisory

Thomas Backlund 2021-08-07 11:06:43 CEST

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2021-08-07 11:32:45 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0398.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED