another local privilege escalation fix is out... SRPMS: kernel-linus-5.10.14-1.mga7.src.rpm i586: kernel-linus-5.10.14-1.mga7-1-1.mga7.i586.rpm kernel-linus-devel-5.10.14-1.mga7-1-1.mga7.i586.rpm kernel-linus-devel-latest-5.10.14-1.mga7.i586.rpm kernel-linus-doc-5.10.14-1.mga7.noarch.rpm kernel-linus-latest-5.10.14-1.mga7.i586.rpm kernel-linus-source-5.10.14-1.mga7-1-1.mga7.noarch.rpm kernel-linus-source-latest-5.10.14-1.mga7.noarch.rpm x86_64: kernel-linus-5.10.14-1.mga7-1-1.mga7.x86_64.rpm kernel-linus-devel-5.10.14-1.mga7-1-1.mga7.x86_64.rpm kernel-linus-devel-latest-5.10.14-1.mga7.x86_64.rpm kernel-linus-doc-5.10.14-1.mga7.noarch.rpm kernel-linus-latest-5.10.14-1.mga7.x86_64.rpm kernel-linus-source-5.10.14-1.mga7-1-1.mga7.noarch.rpm kernel-linus-source-latest-5.10.14-1.mga7.noarch.rpm
advisory, added to svn type: security subject: Updated kernel-linus packages fix security vulnerabilities CVE: - CVE-2021-3348 - CVE-2021-26708 src: 7: core: - kernel-linus-5.10.14-1.mga7 description: | This kernel-linus update is based on upstream 5.10.14 and fixes atleast the following security issues: nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (CVE-2021-3348). A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708). It also adds the following fixes: - make CONNECTOR builtin to enable PROC_EVENTS (mga#28312) For other upstream fixes, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=28341 - https://bugs.mageia.org/show_bug.cgi?id=28312 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14
Keywords: (none) => advisory
After update: Kernel: 5.10.14-1.mga7 x86_64 Quad Core: Intel Core i7-4790 type: MT MCP NVIDIA GM204 [GeForce GTX 970] driver: nouveau As usual this gave the user the runaround when rebooting - "There has been a display driver change". Rebooting at that stage does not help; the system goes into the same state, so it is an endless loop. Impossible to get a virtual console because two processes alternate at high frequency - the stalled boot sequence and the command-line. Since linus is incompatible with the nvidia driver the graphics driver needs to be changed at this point. The only way to break the loop is to boot to runlevel 3 and run drakx11. That is what worked here. The upshot of this is that if you are running the nvidia graphics driver install a free driver *before* rebooting. The Mate desktop came up unchanged. Thunderbird launched without destroying the user's profile (so it looks like only new versions of tbird do any damage). The rest of the desktop appears to be working OK so this will be left to run for a couple of days.
CC: (none) => tarazed25
Kernel: 5.10.14-1.mga7 x86_64 Laptop System: LENOVO product: 9541 v: Lenovo IdeaPad Y500 Quad Core: Intel Core i7-3630QM type: MT MCP NVIDIA GK107M [GeForce GT 650M] driver: nouveau Installed nouveau before updating and rebooting. Rebooted smoothly but rebuilt and installed the nvidia driver on every boot. Desktop working fine. Not spending much time on this; just stress tests and checking a few applications. No regressions noted.
thanks for the tests, flushing out
Whiteboard: (none) => MGA7-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0085.html
Status: NEW => RESOLVEDResolution: (none) => FIXED