advisory, added to svn:

type: security
subject: Updated kernel packages fix security vulnerability
CVE:
 - CVE-2021-26708
src:
  7:
   core:
     - kernel-5.10.14-1.mga7
     - kmod-virtualbox-6.1.18-6.mga7
     - kmod-xtables-addons-3.13-12.mga7
description: |
  This kernel update is based on upstream 5.10.14 and fixes atleast the
  following security issues:

  A local privilege escalation was discovered in the Linux kernel before
  5.10.13. Multiple race conditions in the AF_VSOCK implementation are
  caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).

  It also adds the following fixes:
  - make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)
  - drm/amd/display: Revert "Fix EDID parsing after resume from suspend"
  - drm/amdgpu: fix the issue that retry constantly once the buffer is oversize
  - drm/amdgpu: set default value of noretry to 1 for vega10
  - drm/amdgpu: default noretry=0 for navi1x and newer
  - drm/amdkfd: fix null pointer panic while free buffer in kfd
  - mm: thp: fix MADV_REMOVE deadlock on shmem THP

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28340
 - https://bugs.mageia.org/show_bug.cgi?id=28312
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14

Keywords: (none) => advisory

In a Vbox client, M7.1, Gnome, 32-bit

Boots to a working desktop. Screen resolution is correct. Common apps work.

Install kernel-desktop586-latest cpupower from updates testing

The following 3 packages are going to be installed:

- cpupower-5.10.14-1.mga7.i586
- kernel-desktop586-5.10.14-1.mga7-1-1.mga7.i586
- kernel-desktop586-latest-5.10.14-1.mga7.i586

Reboot system.

Boots to a working desktop. Screen resolution is correct. Common apps work.

CC: (none) => wilcal.int

In a Vbox client, M7.1, Plasma, 64-bit

Testing: kernel-desktop-latest cpupower

[root@localhost wilcal]# uname -a
Linux localhost 5.10.12-desktop-1.mga7 #1 SMP Sat Jan 30 14:29:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Boots to a working desktop. Screen resolution is correct. Common apps work.

Install kernel-desktop-latest cpupower from updates testing

The following 3 packages are going to be installed:

- cpupower-5.10.14-1.mga7.x86_64
- kernel-desktop-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-latest-5.10.14-1.mga7.x86_64

Reboot system.

[root@localhost wilcal]# uname -a
Linux localhost 5.10.14-desktop-1.mga7 #1 SMP Sun Feb 7 19:36:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Boots to a working desktop. Screen resolution is correct. Common apps work.

On real hardware, M8, Plasma, 64-bit

initial status:

[root@localhost wilcal]# uname -a
Linux localhost 5.10.12-desktop-1.mga7 #1 SMP Sat Jan 30 14:29:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
        
M7.1 x86_64 Plasma boots to a working desktop
Runs as a Vbox client. Works just fine. Boots to a working desktop.

install from update_testing:

kernel-desktop-latest
virtualbox-guest-additions virtualbox-kernel-desktop-latest
x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower

The following 7 packages are going to be installed:

- cpupower-5.10.14-1.mga7.x86_64
- kernel-desktop-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.10.14-1.mga7.x86_64
- kernel-desktop-latest-5.10.14-1.mga7.x86_64
- virtualbox-kernel-5.10.14-desktop-1.mga7-6.1.18-6.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.1.18-6.mga7.x86_64

[root@localhost wilcal]# uname -a
Linux localhost 5.10.14-desktop-1.mga7 #1 SMP Sun Feb 7 19:36:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Mageia-7,1-Plasma-x86_64
Runs as a Vbox client. Works just fine. Boots to a working desktop.

Mageia-8-Plama-x86_64
Runs as a Vbox client. Works just fine. Boots to a working desktop.

Kernel: 5.10.14-desktop-1.mga7 x86_64
10-Core: Intel Core i9-7900X type: MT MCP
NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia

No problems with this.  Desktop re-established.Ran four stress tests concurrently.
$ cpupower frequency-info
analyzing CPU 0:
  driver: intel_pstate
.....
$ perf test
<OK>

NAS and NFS shares OK.
Leaving this to run on production system.

CC: (none) => tarazed25

x2-3800 - running nouveau (304) - phys machine

The following 3 packages are going to be installed:

- cpupower-5.10.14-1.mga7.i586
- kernel-server-5.10.14-1.mga7-1-1.mga7.i586
- kernel-server-latest-5.10.14-1.mga7.i586

rebooted

-----

$ uname -a
Linux localhost 5.10.14-server-1.mga7 #1 SMP Sun Feb 7 20:40:52 UTC 2021 i686 i686 i386 GNU/Linux

I've spent a day using the web-server and file server configured on it.

No issues.

CC: (none) => brtians1

on mga7-64  kernel-desktop  plasma

Packages installed cleanly:
- cpupower-5.10.14-1.mga7.x86_64
- kernel-desktop-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.10.14-1.mga7.x86_64
- kernel-desktop-latest-5.10.14-1.mga7.x86_64
- kernel-userspace-headers-5.10.14-1.mga7.x86_64
- virtualbox-kernel-5.10.14-desktop-1.mga7-6.1.18-6.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.1.18-6.mga7.x86_64

system re-booted normally:

uname -r
5.10.14-desktop-1.mga7

# dkms status
virtualbox, 6.1.18-1.mga7, 5.10.14-desktop-1.mga7, x86_64: installed 
virtualbox, 6.1.18-1.mga7, 5.10.14-desktop-1.mga7, x86_64: installed-binary from 5.10.14-desktop-1.mga7

no regressions observed

vbox and client launched normally

looks OK for mga7-64 on this system:

Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1 
CPU: Intel Core i7-6700
Graphics: Intel HD Graphics 530 (Skylake GT2)

CC: (none) => jim

Kernel: 5.10.14-desktop-1.mga7 x86_64
Asus Aorus X5 laptop
Quad Core: Intel Core i7-5700HQ type: MT MCP
Twin nvidia graphics cards - one in use
NVIDIA GM204M [GeForce GTX 965M] driver: nvidia 460.32.03
Intel Wireless 7265 driver: iwlwifi

Installation without issues
# drakboot --boot
Rebooted smoothly to Mate desktop, wifi running.
Ran a few stress tests, which made the fans spin.
glmark2 does not run but glxspheres does.  Disabling Sync to Vblank multiplies the frame rate by a factor of 25.
Bluetooth audio working fine.  Video works with vlc.  Desktop applications like LO writer, thunar, ristretto, FrozenBubble work as expected.  Tried stellarium, MCC, and atril (viewed the laptop PDF manual).  Ran `perf test`; 82 tests, some skips and a a dozen failures.
$ cpupower frequency-info
analyzing CPU 0:
  driver: intel_cpufreq
  CPUs which run at the same hardware frequency: 0
  CPUs which need to have their frequency coordinated by software: 0
  maximum transition latency: 20.0 us
  hardware limits: 800 MHz - 3.50 GHz
......

So far, no problems.

AMD X3-450, Vidia 730GT (390)

The following 6 packages are going to be installed:

- cpupower-5.10.14-1.mga7.x86_64
- kernel-desktop-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.10.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.10.14-1.mga7.x86_64
- kernel-desktop-latest-5.10.14-1.mga7.x86_64
- kernel-userspace-headers-5.10.14-1.mga7.x86_64

119MB of additional disk space will be used.


---

after reboot

# uname -a
Linux localhost 5.10.14-desktop-1.mga7 #1 SMP Sun Feb 7 19:36:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

# lsmod | grep nvidia
nvidia_drm             53248  1
nvidia_modeset       1056768  22 nvidia_drm
nvidia              15831040  784 nvidia_modeset
ipmi_msghandler        69632  2 ipmi_devintf,nvidia
drm_kms_helper        262144  1 nvidia_drm
drm                   593920  5 drm_kms_helper,nvidia_drm,ttm


working as designed

Dell Inspiron 5100, 32-bit P4, 2GB RAM, Radeon RV200 (m7500) graphics, Atheros AR2413/AR2414 wifi, 32-bit Xfce system, using the desktop kernel.

No installation issues. After reboot, no issues noted. Looks OK on this hardware.

The 5.10.14 desktop kernel also looks to be working on this hardware in Mageia 8.

CC: (none) => andrewsfarm

MGA7-64 MATE on Peaq C1011
No installation issues. Kernel running now.
No problems encountered acessing NFS shares, wifi network, using odt, doc, ods, odp, jpag,avi files

CC: (none) => herman.viaene

thanks for the tests, flushing out

Whiteboard: (none) => MGA7-64-OK, MGA7-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0084.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED