Another day... and more security issues, including Spectre Vulnerability Bypass using unprivileged bpf

SRPM:
kernel-linus-5.10.46-1.mga8.src.rpm

i586:
kernel-linus-5.10.46-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.10.46-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.10.46-1.mga8.i586.rpm
kernel-linus-doc-5.10.46-1.mga8.noarch.rpm
kernel-linus-latest-5.10.46-1.mga8.i586.rpm
kernel-linus-source-5.10.46-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.46-1.mga8.noarch.rpm

x86_64:
kernel-linus-5.10.46-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.10.46-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.10.46-1.mga8.x86_64.rpm
kernel-linus-doc-5.10.46-1.mga8.noarch.rpm
kernel-linus-latest-5.10.46-1.mga8.x86_64.rpm
kernel-linus-source-5.10.46-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.46-1.mga8.noarch.rpm
Mga 7 rpms:

SRPM:
kernel-linus-5.10.46-1.mga7.src.rpm

i586:
kernel-linus-5.10.46-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-5.10.46-1.mga7-1-1.mga7.i586.rpm
kernel-linus-devel-latest-5.10.46-1.mga7.i586.rpm
kernel-linus-doc-5.10.46-1.mga7.noarch.rpm
kernel-linus-latest-5.10.46-1.mga7.i586.rpm
kernel-linus-source-5.10.46-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.46-1.mga7.noarch.rpm

x86_64:
kernel-linus-5.10.46-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-5.10.46-1.mga7-1-1.mga7.x86_64.rpm
kernel-linus-devel-latest-5.10.46-1.mga7.x86_64.rpm
kernel-linus-doc-5.10.46-1.mga7.noarch.rpm
kernel-linus-latest-5.10.46-1.mga7.x86_64.rpm
kernel-linus-source-5.10.46-1.mga7-1-1.mga7.noarch.rpm
kernel-linus-source-latest-5.10.46-1.mga7.noarch.rpm
Summary: Update request: kernel-linus-5.10.46-1.mga8 => Update request: kernel-linus-5.10.46-1.mga8/7
Whiteboard: (none) => MGA7TOO
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2021-33624
 - CVE-2021-34693
src:
  8:
   core:
     - kernel-linus-5.10.46-1.mga8
  7:
   core:
     - kernel-linus-5.10.46-1.mga7
description: |
  This kernel-linus update is based on upstream 5.10.46 and fixes at least
  the following security issues:

  In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can
  be mispredicted (e.g., because of type confusion) and consequently an
  unprivileged BPF program can read arbitrary memory locations via a
  side-channel attack (CVE-2021-33624).

  net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to
  obtain sensitive information from kernel stack memory because parts of a
  data structure are uninitialized. (CVE-2021-34693).

  For other upstream fixes, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29171
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46
Keywords: (none) => advisory
Kernel: 5.10.46-1.mga7 x86_64
Quad Core: Intel Core i7-4790
NVIDIA GM204 [GeForce GTX 970] driver: nouveau v: kernel

This did not run smoothly. Warning of change of graphics driver during boot.
Reboot did not help.
Installed Xorg nouveau from virtual console and rebooted to Mate desktop.
stress tests OK. teapot and glxspheres running at the native 30 Hz.
Networking OK, NFS shares automounted. Sound and video OK - vlc and pavucontrol. Other desktop applications working normally. Leaving it to run for a day.
CC: (none) => tarazed25
(In reply to Len Lawrence from comment #3)
> Kernel: 5.10.46-1.mga7 x86_64
> Quad Core: Intel Core i7-4790
> NVIDIA GM204 [GeForce GTX 970] driver: nouveau v: kernel
>
> This did not run smoothly. Warning of change of graphics driver during boot.
> Reboot did not help.
> Installed Xorg nouveau from virtual console and rebooted to Mate desktop.
> stress tests OK. teapot and glxspheres running at the native 30 Hz.
> Networking OK, NFS shares automounted. Sound and video OK - vlc and
> pavucontrol. Other desktop applications working normally. Leaving it to
> run for a day.

I don't run into this like Len. As I already updated the -desktop one kernel first, it appears updating 29171 (-linus one) does the trick to rebuild the nvidia nonfree driver as well. Normally, a rebuild is done at boot time when a kernel is installed and the rebuild has not been done before.

$ inxi -SGxx
System:    Host: mageia.local Kernel: 5.10.46-1.mga8 x86_64 bits: 64 compiler: gcc v: 10.3.0
           Desktop: KDE Plasma 5.20.4 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM Distro: Mageia 8 mga8
Graphics:  Device-1: NVIDIA TU116 [GeForce GTX 1660 Ti] vendor: Gigabyte driver: nvidia v: 460.84 bus ID: 01:00.0
           chip ID: 10de:2182
           Display: x11 server: Mageia X.org 1.20.11 compositor: kwin_x11 driver: modesetting,nvidia,v4l
           resolution: 1: 1920x1080~60Hz 2: 1920x1080 s-dpi: 80
           OpenGL: renderer: GeForce GTX 1660 Ti/PCIe/SSE2 v: 4.6.0 NVIDIA 460.84 direct render: Yes

$ dkms status
virtualbox, 6.1.22-1.mga8, 5.10.45-desktop-2.mga8, x86_64: installed
virtualbox, 6.1.22-1.mga8, 5.10.45-1.mga8, x86_64: installed
virtualbox, 6.1.22-1.mga8, 5.10.46-desktop-1.mga8, x86_64: installed
virtualbox, 6.1.22-1.mga8, 5.10.46-1.mga8, x86_64: installed
nvidia-current, 460.84-1.mga8.nonfree, 5.10.45-desktop-2.mga8, x86_64: installed
nvidia-current, 460.84-1.mga8.nonfree, 5.10.45-1.mga8, x86_64: installed
nvidia-current, 460.84-1.mga8.nonfree, 5.10.46-desktop-1.mga8, x86_64: installed
nvidia-current, 460.84-1.mga8.nonfree, 5.10.46-1.mga8, x86_64: installed
virtualbox, 6.1.22-1.mga8, 5.10.45-desktop-2.mga8, x86_64: installed-binary from 5.10.45-desktop-2.mga8
virtualbox, 6.1.22-1.mga8, 5.10.46-desktop-1.mga8, x86_64: installed-binary from 5.10.46-desktop-1.mga8

Good to go for me. Mageia 7 ones are also OK.
CC: (none) => ouaurelien
@Aurelien re comment 4. My nvidia issue may be a result of NVIDIA dropping support for many earlier graphics cards in 2021, either Fermi or non-Fermi series, cannot remember which. If the GTX970 is one of those that would explain it. This machine has GTX1080Ti - shall try the linus kernel.
Kernel: 5.10.46-1.mga8 x86_64
10-Core Intel Core i9-7900X
NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 460.84

nvidia graphics and virtualbox drivers rebuilt and installed at boot time.
Request for root password to enable bluetooth after login.
LAN up and running. NFS shares mounted.
virtualbox launching 32 and 64-bit clients.

Extract from `lscpu` (thanks Ben):
Vulnerability Itlb multihit:     KVM: Mitigation: VMX disabled
Vulnerability L1tf:              Mitigation; PTE Inversion; VMX conditional cache flushes, SMT vulnerable
Vulnerability Mds:               Mitigation; Clear CPU buffers; SMT vulnerable
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, STIBP conditional, RSB filling
Vulnerability Srbds:             Not affected
Vulnerability Tsx async abort:   Mitigation; Clear CPU buffers; SMT vulnerable

Looks good. Leaving it up.
Keywords: (none) => validated_update
Whiteboard: MGA7TOO => MGA7TOO, MGA8-64-OK, MGA7-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0295.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
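
Added example, not part of the original bug thread or of Mageia's tooling: a small Python check an administrator could use to confirm a host's position on CVE-2021-33624 and to read the `lscpu` vulnerability lines quoted in the thread. It assumes the 5.10.46 fix level stated in the advisory and the kernel's `/proc/sys/kernel/unprivileged_bpf_disabled` sysctl, which the thread does not mention; the function names and the sample text are constructed for illustration.

```python
import re

FIXED_5_10 = (5, 10, 46)  # from the advisory above: update based on upstream 5.10.46
# Constructed sample: a subset of the lscpu extract quoted in the thread.
SAMPLE_LSCPU = """\
Vulnerability L1tf: Mitigation; PTE Inversion; VMX conditional cache flushes, SMT vulnerable
Vulnerability Mds: Mitigation; Clear CPU buffers; SMT vulnerable
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Mitigation; Clear CPU buffers; SMT vulnerable
"""

def kernel_version(release):
    """'5.10.45-desktop-2.mga8' -> (5, 10, 45)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part) for part in m.groups())

def has_5_10_fix(release):
    """True/False on the 5.10.x branch; None elsewhere (the thread only covers 5.10.46)."""
    version = kernel_version(release)
    return None if version[:2] != (5, 10) else version >= FIXED_5_10

def bpf_exposure(release, unprivileged_bpf_disabled):
    """CVE-2021-33624 status; second argument is the integer from the sysctl file (assumption)."""
    if unprivileged_bpf_disabled != 0:
        return "blocked: unprivileged bpf() is disabled by sysctl"
    fixed = has_5_10_fix(release)
    if fixed is None:
        return "unknown: not a 5.10.x kernel"
    return "fixed" if fixed else "exposed: update to 5.10.46 or later"

def parse_vulnerabilities(lscpu_text):
    """Map each 'Vulnerability <name>:' line of lscpu output to its status string."""
    found = {}
    for line in lscpu_text.splitlines():
        m = re.match(r"\s*Vulnerability\s+(.+?):\s*(.*)$", line)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found

def residual(vulns):
    """Entries whose status still reports 'vulnerable', e.g. 'SMT vulnerable'."""
    return sorted(name for name, status in vulns.items() if "vulnerable" in status.lower())

if __name__ == "__main__":
    print({r: bpf_exposure(r, 0) for r in ("5.10.45-1.mga8", "5.10.46-1.mga8")})
    print("residual:", residual(parse_vulnerabilities(SAMPLE_LSCPU)))
```

On a live host, pass the output of `uname -r` and the integer read from the sysctl file in place of the constructed values.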