| Summary: | Update request: kernel-5.10.78-1.mga8 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, bequimao.de, brtians1, davidwhodgins, fri, joselp, sysadmin-bugs, tarazed25, wilcal.int |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK, MGA8-32-OK | ||
| Source RPM: | kernel | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2021-11-07 11:37:48 CET
Advisory, added to svn:
type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2021-3760
 - CVE-2021-3772
 - CVE-2021-42327
 - CVE-2021-43267
 - CVE-2021-43389
src:
  8:
   core:
     - kernel-5.10.78-1.mga8
     - kmod-virtualbox-6.1.28-1.4.mga8
     - kmod-xtables-addons-3.18-1.28.mga8
     - wireguard-tools-1.0.20210914-1.mga8
description: |
  This kernel update is based on upstream 5.10.78 and fixes at least the
  following security issues:

  A use-after-free vulnerability in the NFC stack can lead to a threat to
  confidentiality, integrity, and system availability (CVE-2021-3760).

  A flaw in the SCTP stack where a blind attacker may be able to kill an
  existing SCTP association through invalid chunks if the attacker knows
  the IP-addresses and port numbers being used and the attacker can send
  packets with spoofed IP addresses (CVE-2021-3772).

  A heap buffer overflow flaw in the Linux kernel's AMD Radeon graphics
  card driver was found in the way a user writes some malicious data to the
  AMD GPU Display Driver Debug Filesystem (to the VGA sub-directory of the
  /sys/kernel/debug/ directory). A local user could use this flaw to crash
  the system or escalate their privileges on the system (CVE-2021-42327).

  A flaw was discovered in the cryptographic receive code in the Linux
  kernel's implementation of transparent interprocess communication. An
  attacker, with the ability to send TIPC messages to the target, can
  corrupt memory and escalate privileges on the target system
  (CVE-2021-43267).

  An issue was discovered in the Linux kernel before 5.14.15. There is an
  array-index-out-of-bounds flaw in the detach_capi_ctr function in
  drivers/isdn/capi/kcapi.c (CVE-2021-43389).

  wireguard-tools are updated to 1.0.20210914.

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29628
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.76
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.77
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.78

Keywords: (none) => advisory

Mga8-64 OK here
Disabled backports repos and
$ sudo urpmi --downgrade cpupower kernel-userspace-headers
In drakrpm I selected 5.10.78-1 versions to install:
- kernel-desktop-5.10.78-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.10.78-1.mga8-1-1.mga8.x86_64
- virtualbox-kernel-5.10.78-desktop-1.mga8-6.1.28-1.4.mga8.x86_64
(and in the same transaction I also had it remove the -latest packages of the corresponding packages that were installed from backports)
reboot
$ uname -a
Linux svarten.tribun 5.10.78-desktop-1.mga8 #1 SMP Sat Nov 6 13:40:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
dkms status tells me nvidia-current and virtualbox are OK.
BOINC detects CUDA and OpenCL (but no work to test)
Hardware: My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display. Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner
Tested: Plasma desktop; using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, printing, Firefox ESR, flatpak Firefox, flatpak Spotify, java program FriBOK, ...
Stress test: While working with other things BOINC uses all cores to 100%, videos do not stutter in Chromium, nor Firefox ESR, but do in the flatpak version.
VirtualBox: Launched my usual MSW7pro-64, tests OK: bidirectional clipboard, shared folders write protected and not, USB2 memory stick read&write (using upstream extension pack), drag file from Dolphin to Windows Explorer, Windows update (antivirus), video playing in Firefox from upstream while CPU is heavily loaded.

CC: (none) => fri

No regressions found. Tested on x86_64 with desktop and server kernels, as well as aarch64 (rpi 4b). Also under vb with x86_64 and i586 desktop kernels.

CC: (none) => davidwhodgins

Hi all, I have tried this new version, ok here, in Vbox with Mageia Plasma x64. Tested: Plasma desktop, urpmi, konsole, Libreoffice, Thunderbird, Firefox, Gimp, all ok.

CC: (none) => joselpddj

Installed desktop kernels on two x86_64 Intel/nvidia machines. Smooth reboots and no problems so far.

CC: (none) => tarazed25

On M8 hardware in a Vbox client, M8, Xfce, 32-bit

clear
uname -a
urpmi kernel-desktop-latest
urpmi kernel-userspace-headers
urpmi cpupower

Linux localhost 5.10.75-desktop586-1.mga8 #1 SMP Wed Oct 20 10:26:50 UTC 2021 i686 i686 i386 GNU/Linux
Package kernel-desktop-latest-5.10.75-1.mga8.i586 is already installed
Package kernel-userspace-headers-5.10.75-1.mga8.i586 is already installed
Package cpupower-5.10.75-1.mga8.i586 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

Install kernel-desktop-latest cpupower kernel-userspace-headers from updates testing

The following 4 packages are going to be installed:
- cpupower-5.10.60-2.mga8.i586
- kernel-desktop-5.10.60-2.mga8-1-1.mga8.i586
- kernel-desktop-latest-5.10.60-2.mga8.i586
- kernel-userspace-headers-5.10.60-2.mga8.i586

Reboot system.

Linux localhost 5.10.60-desktop-2.mga8 #1 SMP Wed Aug 18 11:48:56 UTC 2021 i686 i686 i386 GNU/Linux
Package kernel-desktop-latest-5.10.60-2.mga8.i586 is already installed
Package kernel-userspace-headers-5.10.60-2.mga8.i586 is already installed
Package cpupower-5.10.60-2.mga8.i586 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

CC: (none) => wilcal.int

On M8 hardware in a Vbox client, M8, Plasma, 64-bit

clear
uname -a
urpmi --auto kernel-desktop-latest
urpmi --auto kernel-userspace-headers
urpmi --auto cpupower
urpmi --auto virtualbox-guest-additions

Linux localhost 5.10.75-desktop-1.mga8 #1 SMP Wed Oct 20 10:23:35 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.10.75-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.10.75-1.mga8.x86_64 is already installed
Package cpupower-5.10.75-1.mga8.x86_64 is already installed
Package virtualbox-guest-additions-6.1.28-1.mga8.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

Install kernel-desktop-latest cpupower kernel-userspace-headers virtualbox-guest-additions from updates testing

Reboot system.

Linux localhost 5.10.78-desktop-1.mga8 #1 SMP Sat Nov 6 13:40:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.10.78-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.10.78-1.mga8.x86_64 is already installed
Package cpupower-5.10.78-1.mga8.x86_64 is already installed
Package virtualbox-guest-additions-6.1.28-1.mga8.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

On real hardware, M8, Plasma, 64-bit
Packages checked:
kernel-desktop-latest virtualbox kernel-userspace-headers
virtualbox-guest-additions virtualbox-kernel-desktop-latest
x11-driver-video-vboxvideo kernel-desktop-devel-latest
cpupower dkms-virtualbox
clear
uname -a
urpmi kernel-desktop-latest
urpmi virtualbox
urpmi x11-driver-video-vboxvideo
urpmi kernel-desktop-devel-latest
urpmi kernel-userspace-headers
urpmi cpupower
urpmi virtualbox-kernel-desktop-latest
urpmi dkms-virtualbox
Linux localhost 5.10.75-desktop-1.mga8 #1 SMP Wed Oct 20 10:23:35 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.10.75-1.mga8.x86_64 is already installed
Package virtualbox-6.1.28-1.mga8.x86_64 is already installed
Package x11-driver-video-vboxvideo-1.0.0-6.mga8.x86_64 is already installed
Package kernel-desktop-devel-latest-5.10.75-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.10.75-1.mga8.x86_64 is already installed
Package cpupower-5.10.75-1.mga8.x86_64 is already installed
Package virtualbox-kernel-desktop-latest-6.1.28-1.2.mga8.x86_64 is already installed
Package dkms-virtualbox-6.1.28-1.mga8.x86_64 is already installed
[root@localhost wilcal]# lspci -k
00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07)
DeviceName: To Be Filled by O.E.M.
Subsystem: Dell Device 097c
Kernel driver in use: i915
Kernel modules: i915
Boots to working desktop
M8 i586 Vbox Xfce Client, boots to a working desktop - Screen size correct
M8 x86_64 Vbox Plasma Client, boots to a working desktop - Screen size correct
install from update_testing:
kernel-desktop-latest kernel-desktop-devel-latest virtualbox-kernel-desktop-latest
kernel-userspace-headers cpupower virtualbox-kernel-desktop-latest
reboot system
Linux localhost 5.10.78-desktop-1.mga8 #1 SMP Sat Nov 6 13:40:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.10.78-1.mga8.x86_64 is already installed
Package virtualbox-6.1.28-1.mga8.x86_64 is already installed
Package x11-driver-video-vboxvideo-1.0.0-6.mga8.x86_64 is already installed
Package kernel-desktop-devel-latest-5.10.78-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.10.78-1.mga8.x86_64 is already installed
Package cpupower-5.10.78-1.mga8.x86_64 is already installed
Package virtualbox-kernel-desktop-latest-6.1.28-1.4.mga8.x86_64 is already installed
Package dkms-virtualbox-6.1.28-1.mga8.x86_64 is already installed
[root@localhost wilcal]# lspci -k
00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07)
DeviceName: To Be Filled by O.E.M.
Subsystem: Dell Device 097c
Kernel driver in use: i915
Kernel modules: i915
M8 i586 Vbox Xfce Client, boots to a working desktop - Screen size correct
M8 x86_64 Vbox Plasma Client, boots to a working desktop - Screen size correct
Dell Inspiron 5100, 32-bit P4, Radeon RV200 graphics, Atheros wifi, 32-bit Xfce system using the desktop kernel. No installation issues, and after the reboot, no regressions noted.

CC: (none) => andrewsfarm

MGA8-64, Xfce, AMD x3-450, Nvidia 390 (730 GT)

The following 5 packages are going to be installed:
- cpupower-5.10.78-1.mga8.x86_64
- kernel-desktop-5.10.78-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.10.78-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-latest-5.10.78-1.mga8.x86_64
- kernel-desktop-latest-5.10.78-1.mga8.x86_64

--- rebooted

# uname -a
Linux localhost.localdomain 5.10.78-desktop-1.mga8 #1 SMP Sat Nov 6 13:40:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
# lsmod | grep nvidia
nvidia_uvm 925696 0
nvidia_drm 53248 1
drm_kms_helper 270336 1 nvidia_drm
nvidia_modeset 1056768 10 nvidia_drm
nvidia 15880192 395 nvidia_uvm,nvidia_modeset
ipmi_msghandler 69632 2 ipmi_devintf,nvidia
drm 606208 4 drm_kms_helper,nvidia_drm

nextcloud client working
firefox working
network working
libreoffice working

works for me

CC: (none) => brtians1

Tested on a Sony Vaio E Series notebook, KDE Plasma amd64 as host and guest with Qemu/KVM and Virt-Manager.
Host:
Linux mga8-tst2 5.10.78-desktop-1.mga8 #1 SMP Sat Nov 6 13:40:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
01:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Thames [Radeon HD 7550M/7570M/7650M] [1002:6841]
Subsystem: Sony Corporation Device [104d:90ac]
Kernel driver in use: radeon
Kernel modules: radeon
Guest:
Linux mga8-vm 5.10.78-server-1.mga8 #1 SMP Sat Nov 6 14:59:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@mga8-vm ~]# lspci -nnk | grep -iA3 vga
00:02.0 VGA compatible controller [0300]: Red Hat, Inc. QXL paravirtual graphic card [1b36:0100] (rev 05)
Subsystem: Red Hat, Inc. QEMU Virtual Machine [1af4:1100]
Kernel driver in use: qxl
Kernel modules: qxl
No regression found.

CC: (none) => bequimao.de

AMD x2.3800, nvidia (Nouveau)

The following 3 packages are going to be installed:
- cpupower-5.10.78-1.mga8.i586
- kernel-server-5.10.78-1.mga8-1-1.mga8.i586
- kernel-server-latest-5.10.78-1.mga8.i586

--- rebooted

system came back up with kernel
graphics are working
Nextcloud server is working

AMD A6-3420M APU, laptop
installed desktop
The system is working as designed.
Thomas Backlund
2021-11-11 15:21:01 CET
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0507.html

Status: NEW => RESOLVED
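
A check that can be run after the reboot step in the test reports above, added here as an example (it is not part of the bug report or of Mageia's tooling): it classifies a `uname -r` value against the fixed release `kernel-5.10.78-1.mga8` named in the advisory. The function names are made up for this example, the sample strings are the kernel release strings quoted in the comments, and kernels outside the 5.10 series (for example from backports) are reported as unknown because this advisory does not cover them.

```shell
#!/bin/sh
# Added example: compare a Mageia 8 `uname -r` string with the fixed
# release from this advisory (kernel-5.10.78-1.mga8).
FIXED_SERIES="5.10"   # upstream series the advisory is based on
FIXED_PATCH="78"      # 5.10.78
FIXED_REL="1"         # -1
FIXED_DIST="8"        # .mga8

# Split "<version>-<flavour>-<release>.mga<N>" into four space-separated fields.
# Prints nothing when the string does not have that shape.
parse_uname_r() {
    printf '%s\n' "$1" | sed -n \
      's/^\([0-9][0-9.]*\)-\([a-z0-9]*\)-\([0-9][0-9]*\)\.mga\([0-9][0-9]*\)$/\1 \2 \3 \4/p'
}

# Print "fixed", "outdated" or "unknown" for one `uname -r` value.
classify_kernel() {
    set -- $(parse_uname_r "$1")
    if [ $# -ne 4 ] || [ "$4" != "$FIXED_DIST" ]; then echo unknown; return 0; fi
    case "$1" in
        "$FIXED_SERIES".*) patch=${1#"$FIXED_SERIES".} ;;
        *) echo unknown; return 0 ;;   # other series: not covered by this advisory
    esac
    case "$patch" in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # not a plain patch level
    esac
    if [ "$patch" -gt "$FIXED_PATCH" ]; then
        echo fixed
    elif [ "$patch" -eq "$FIXED_PATCH" ] && [ "$3" -ge "$FIXED_REL" ]; then
        echo fixed
    else
        echo outdated
    fi
}

# Sample values: kernel release strings quoted in the test reports on this page.
for k in 5.10.78-desktop-1.mga8 5.10.78-server-1.mga8 \
         5.10.75-desktop586-1.mga8 5.10.60-desktop-2.mga8; do
    printf '%-28s %s\n' "$k" "$(classify_kernel "$k")"
done
# On a live host: classify_kernel "$(uname -r)"
```

The result describes the running kernel only; an installed but not yet booted update still reports the old release until the machine is rebooted.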