28262 – Update request: kernel-linus-5.10.12-1.mga7

Bug 28262 - Update request: kernel-linus-5.10.12-1.mga7

Summary: Update request: kernel-linus-5.10.12-1.mga7

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	High Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA7-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-01-30 18:43 CET by Thomas Backlund
Modified:	2021-02-01 18:54 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	kernel-linus
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2021-01-30 18:43:07 CET

This 5.10.12 update closes this security issue:

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel (CVE-2021-3347).

SRPMS:
kernel-linus-5.10.12-1.mga7.src.rpm


i586:
kernel-linus-5.10.12-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-5.10.12-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-latest-5.10.12-1.mga7.i586.rpm
kernel-linus-doc-5.10.12-1.mga7.noarch.rpm
kernel-linus-latest-5.10.12-1.mga7.i586.rpm
kernel-linus-source-5.10.12-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.12-1.mga7.noarch.rpm


x86_64:
kernel-linus-5.10.12-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-5.10.12-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-latest-5.10.12-1.mga7.x86_64.rpm
kernel-linus-doc-5.10.12-1.mga7.noarch.rpm
kernel-linus-latest-5.10.12-1.mga7.x86_64.rpm
kernel-linus-source-5.10.12-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.12-1.mga7.noarch.rpm

Thomas Backlund 2021-01-30 18:43:20 CET

Priority: Normal => High

Comment 1 Thomas Backlund 2021-01-30 19:00:53 CET

Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerability
CVE:
 - CVE-2021-3347
src:
  7:
   core:
     - kernel-linus-5.10.12-1.mga7
description: |
  This kernel-linus update is based on upstream 5.10.11 and fixes atleast the
  following security issue:

  An issue was discovered in the Linux kernel through 5.10.11. PI futexes
  have a kernel stack use-after-free during fault handling, allowing local
  users to execute code in the kernel (CVE-2021-3347).

  For other upstream fixes, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28262
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.12

Keywords: (none) => advisory

Comment 2 Aurelien Oudelet 2021-02-01 15:25:07 CET

M7 Plasma X86_64, Classic ISO.
Runs well.
Basic usage OK.
nvidia-current is OK through DKMS.

All peripherals are OK.
Validating, as Kernel-desktop/server with Mageia preset have been already flushed out.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK
CC: (none) => ouaurelien, sysadmin-bugs

Comment 3 Mageia Robot 2021-02-01 18:54:50 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0062.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.