Bug 28470 - Update request: kernel-5.10.19-1.mga8
Summary: Update request: kernel-5.10.19-1.mga8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 28429
  Show dependency treegraph
 
Reported: 2021-02-27 15:12 CET by Thomas Backlund
Modified: 2021-03-04 13:28 CET (History)
3 users (show)

See Also:
Source RPM: kernel
CVE:
Status comment:


Attachments

Description Thomas Backlund 2021-02-27 15:12:37 CET
Security and bug fixes, advisory will follow...

SRPMS:
kernel-5.10.19-1.mga8.src.rpm
kmod-virtualbox-6.1.18-17.mga8.src.rpm
kmod-xtables-addons-3.13-33.mga8.src.rpm



i586:
bpftool-5.10.19-1.mga8.i586.rpm
cpupower-5.10.19-1.mga8.i586.rpm
cpupower-devel-5.10.19-1.mga8.i586.rpm
kernel-desktop-5.10.19-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-5.10.19-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-5.10.19-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-latest-5.10.19-1.mga8.i586.rpm
kernel-desktop586-latest-5.10.19-1.mga8.i586.rpm
kernel-desktop-devel-5.10.19-1.mga8-1-1.mga8.i586.rpm
kernel-desktop-devel-latest-5.10.19-1.mga8.i586.rpm
kernel-desktop-latest-5.10.19-1.mga8.i586.rpm
kernel-doc-5.10.19-1.mga8.noarch.rpm
kernel-server-5.10.19-1.mga8-1-1.mga8.i586.rpm
kernel-server-devel-5.10.19-1.mga8-1-1.mga8.i586.rpm
kernel-server-devel-latest-5.10.19-1.mga8.i586.rpm
kernel-server-latest-5.10.19-1.mga8.i586.rpm
kernel-source-5.10.19-1.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-5.10.19-1.mga8.noarch.rpm
kernel-userspace-headers-5.10.19-1.mga8.i586.rpm
libbpf0-5.10.19-1.mga8.i586.rpm
libbpf-devel-5.10.19-1.mga8.i586.rpm
perf-5.10.19-1.mga8.i586.rpm

xtables-addons-kernel-5.10.19-desktop-1.mga8-3.13-33.mga8.i586.rpm
xtables-addons-kernel-5.10.19-desktop586-1.mga8-3.13-33.mga8.i586.rpm
xtables-addons-kernel-5.10.19-server-1.mga8-3.13-33.mga8.i586.rpm
xtables-addons-kernel-desktop586-latest-3.13-33.mga8.i586.rpm
xtables-addons-kernel-desktop-latest-3.13-33.mga8.i586.rpm
xtables-addons-kernel-server-latest-3.13-33.mga8.i586.rpm



x86_64:
bpftool-5.10.19-1.mga8.x86_64.rpm
cpupower-5.10.19-1.mga8.x86_64.rpm
cpupower-devel-5.10.19-1.mga8.x86_64.rpm
kernel-desktop-5.10.19-1.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-5.10.19-1.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-latest-5.10.19-1.mga8.x86_64.rpm
kernel-desktop-latest-5.10.19-1.mga8.x86_64.rpm
kernel-doc-5.10.19-1.mga8.noarch.rpm
kernel-server-5.10.19-1.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-5.10.19-1.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-latest-5.10.19-1.mga8.x86_64.rpm
kernel-server-latest-5.10.19-1.mga8.x86_64.rpm
kernel-source-5.10.19-1.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-5.10.19-1.mga8.noarch.rpm
kernel-userspace-headers-5.10.19-1.mga8.x86_64.rpm
lib64bpf0-5.10.19-1.mga8.x86_64.rpm
lib64bpf-devel-5.10.19-1.mga8.x86_64.rpm
perf-5.10.19-1.mga8.x86_64.rpm

virtualbox-kernel-5.10.19-desktop-1.mga8-6.1.18-17.mga8.x86_64.rpm
virtualbox-kernel-5.10.19-server-1.mga8-6.1.18-17.mga8.x86_64.rpm
virtualbox-kernel-desktop-latest-6.1.18-17.mga8.x86_64.rpm
virtualbox-kernel-server-latest-6.1.18-17.mga8.x86_64.rpm

xtables-addons-kernel-5.10.19-desktop-1.mga8-3.13-33.mga8.x86_64.rpm
xtables-addons-kernel-5.10.19-server-1.mga8-3.13-33.mga8.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.13-33.mga8.x86_64.rpm
xtables-addons-kernel-server-latest-3.13-33.mga8.x86_64.rpm
Comment 1 Aurelien Oudelet 2021-03-01 14:43:56 CET
MGA8 x86_64 on Core i5 6600K with 16 Go DDR4,
Nvidia Geforce GTX 1660 Ti using nvidia-current

Updating to kernel 5.10.19-1.mga8

x11-driver-video-nvidia-current-460.56-1.mga8.nonfree.x86_64
nvidia-current-cuda-opencl-460.56-1.mga8.nonfree.x86_64
kernel-userspace-headers-5.10.19-1.mga8.x86_64
kernel-firmware-nonfree-20210223-1.mga8.nonfree.noarch
iwlwifi-firmware-20210223-1.mga8.nonfree.noarch
virtualbox-kernel-desktop-latest-6.1.18-17.mga8.x86_64
virtualbox-kernel-5.10.19-desktop-1.mga8-6.1.18-17.mga8.x86_64
kernel-desktop-latest-5.10.19-1.mga8.x86_64
kernel-desktop-5.10.19-1.mga8-1-1.mga8.x86_64
rtlwifi-firmware-20210223-1.mga8.nonfree.noarch
nvidia-current-doc-html-460.56-1.mga8.nonfree.x86_64
cpupower-5.10.19-1.mga8.x86_64
ralink-firmware-20210223-1.mga8.nonfree.noarch
kernel-desktop-devel-latest-5.10.19-1.mga8.x86_64
kernel-desktop-devel-5.10.19-1.mga8-1-1.mga8.x86_64
nvidia-current-utils-460.56-1.mga8.nonfree.x86_64
dkms-nvidia-current-460.56-1.mga8.nonfree.x86_64
ldetect-lst-0.6.26.1-1.mga8.x86_64

Success. DKMS recompile OK.

Stable system, All usage, WiFI, Network, USB, Bluetooth, 3D/openGL OK
No errors in system journal.

MGA8-64-OK

Need an advisory if security or bugfix.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => ouaurelien

Aurelien Oudelet 2021-03-01 14:49:05 CET

Blocks: (none) => 28429

Comment 2 Thomas Backlund 2021-03-01 17:30:18 CET
advisory, added to svn:

type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2021-26930
 - CVE-2021-26931
 - CVE-2021-26932
src:
  8:
   core:
     - kernel-5.10.19-1.mga8
     - kmod-virtualbox-6.1.18-17.mga8
     - kmod-xtables-addons-3.13-33.mga8
description: |
  This kernel update is based on upstream 5.10.19 and fixes atleast the
  following security issues:

  An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used
  by Xen. To service requests to the PV backend, the driver maps grant
  references provided by the frontend. In this process, errors may be
  encountered. In one case, an error encountered earlier might be
  discarded by later processing, resulting in the caller assuming
  successful mapping, and hence subsequent operations trying to access
  space that wasn't mapped. In another case, internal state would be
  insufficiently updated, preventing safe recovery from the error
  (CVE-2021-26930).

  An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as
  used in Xen. Block, net, and SCSI backends consider certain errors a
  plain bug, deliberately causing a kernel crash. For errors potentially
  being at least under the influence of guests (such as out of memory
  conditions), it isn't correct to assume a plain bug. Memory allocations
  potentially causing such crashes occur only when Linux is running in
  PV mode, though (CVE-2021-26931).

  An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used
  by Xen. Grant mapping operations often occur in batch hypercalls, where
  a number of operations are done in a single hypercall, the success or
  failure of each one is reported to the backend driver, and the backend
  driver then loops over the results, performing follow-up actions based
  on the success or failure of each operation. Unfortunately, when running
  in PV mode, the Linux backend drivers mishandle this: Some errors are
  ignored, effectively implying their success from the success of related
  batch elements. In other cases, errors resulting from one batch element
  lead to further batch elements not being inspected, and hence successful
  ones to not be possible to properly unmap upon error recovery. Only
  systems with Linux backends running in PV mode are vulnerable. Linux
  backends run in HVM / PVH modes are not vulnerable (CVE-2021-26932).

  It also adds the following fixes:
  - enable ACPI_EC_DEBUGFS (mga#28415)
  - drop "revert 'Bluetooth: btusb: Add Qualcomm Bluetooth SoC WCN6855
    support' (mga#27910)"
  - Bluetooth: btusb: fix for Qualcomm Bluetooth adapters that stopped working
    due to not finding (unneeded) ROME firmware (real fix for mga#27910)
  - media: uvcvideo: Allow entities with no pads
  - mm/vmscan: restore zone_reclaim_mode ABI
  - nvme: Add quirks for Lexar 256GB SSD (pterjan, mga#28417)
  - nvme: add 48-bit DMA address quirk for Amazon NVMe controllers
  - nvme-pci: add the DISABLE_WRITE_ZEROES quirk for a SPCC device
  - staging/rtl8723bs: sync with 5.12-rc1 (mga#28429)
  - x86: fix seq_file iteration for pat/memtype.c

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28470
 - https://bugs.mageia.org/show_bug.cgi?id=28435
 - https://bugs.mageia.org/show_bug.cgi?id=28429
 - https://bugs.mageia.org/show_bug.cgi?id=28417
 - https://bugs.mageia.org/show_bug.cgi?id=28415
 - https://bugs.mageia.org/show_bug.cgi?id=27910
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.17
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.18
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.19

Keywords: (none) => advisory

Comment 3 Brian Rockwell 2021-03-01 19:55:51 CET
AMD x3, gnome, nvidia 390 driver

The following 5 packages are going to be installed:

- cpupower-5.10.19-1.mga8.x86_64
- kernel-desktop-5.10.19-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.10.19-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-latest-5.10.19-1.mga8.x86_64
- kernel-desktop-latest-5.10.19-1.mga8.x86_64

rebooted

$ uname -a
Linux localhost 5.10.19-desktop-1.mga8 #1 SMP Fri Feb 26 22:25:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

# lsmod | grep nvidia
nvidia_uvm            925696  0
nvidia_drm             53248  1
drm_kms_helper        270336  1 nvidia_drm
nvidia_modeset       1056768  5 nvidia_drm
nvidia              15831040  184 nvidia_uvm,nvidia_modeset
ipmi_msghandler        69632  2 ipmi_devintf,nvidia
drm                   606208  4 drm_kms_helper,nvidia_drm

CC: (none) => brtians1

Comment 4 Brian Rockwell 2021-03-03 23:12:11 CET
AMD A6 - R4 graphics - Gnome 

after installation and reboot

$ uname -a
Linux localhost 5.10.19-desktop-1.mga8 #1 SMP Fri Feb 26 22:25:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

system sleeps properly
applications are working
Comment 5 Aurelien Oudelet 2021-03-04 11:55:30 CET
Validating.
Advisory already pushed.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2021-03-04 13:28:19 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0101.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.