Bug 29435 - Update request: kernel-5.10.62-1.mga8
Summary: Update request: kernel-5.10.62-1.mga8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: High major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK, MGA8-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 29426
  Show dependency treegraph
 
Reported: 2021-09-03 19:53 CEST by Thomas Backlund
Modified: 2021-09-08 11:24 CEST (History)
7 users (show)

See Also:
Source RPM: kernel
CVE:
Status comment:


Attachments

Description Thomas Backlund 2021-09-03 19:53:25 CEST
Security and bugfixes, advisory will follow...

SRPMS:
kernel-5.10.62-1.mga8.src.rpm
kmod-virtualbox-6.1.26-1.4.mga8.src.rpm
kmod-xtables-addons-3.18-1.22.mga8.src.rpm



i586:
bpftool-5.10.62-1.mga8.i586.rpm
cpupower-5.10.62-1.mga8.i586.rpm
cpupower-devel-5.10.62-1.mga8.i586.rpm
kernel-desktop-5.10.62-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-5.10.62-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-5.10.62-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-latest-5.10.62-1.mga8.i586.rpm
kernel-desktop586-latest-5.10.62-1.mga8.i586.rpm
kernel-desktop-devel-5.10.62-1.mga8-1-1.mga8.i586.rpm
kernel-desktop-devel-latest-5.10.62-1.mga8.i586.rpm
kernel-desktop-latest-5.10.62-1.mga8.i586.rpm
kernel-doc-5.10.62-1.mga8.noarch.rpm
kernel-server-5.10.62-1.mga8-1-1.mga8.i586.rpm
kernel-server-devel-5.10.62-1.mga8-1-1.mga8.i586.rpm
kernel-server-devel-latest-5.10.62-1.mga8.i586.rpm
kernel-server-latest-5.10.62-1.mga8.i586.rpm
kernel-source-5.10.62-1.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-5.10.62-1.mga8.noarch.rpm
kernel-userspace-headers-5.10.62-1.mga8.i586.rpm
libbpf0-5.10.62-1.mga8.i586.rpm
libbpf-devel-5.10.62-1.mga8.i586.rpm
perf-5.10.62-1.mga8.i586.rpm

xtables-addons-kernel-5.10.62-desktop-1.mga8-3.18-1.22.mga8.i586.rpm
xtables-addons-kernel-5.10.62-desktop586-1.mga8-3.18-1.22.mga8.i586.rpm
xtables-addons-kernel-5.10.62-server-1.mga8-3.18-1.22.mga8.i586.rpm
xtables-addons-kernel-desktop586-latest-3.18-1.22.mga8.i586.rpm
xtables-addons-kernel-desktop-latest-3.18-1.22.mga8.i586.rpm
xtables-addons-kernel-server-latest-3.18-1.22.mga8.i586.rpm



x86_64:
bpftool-5.10.62-1.mga8.x86_64.rpm
cpupower-5.10.62-1.mga8.x86_64.rpm
cpupower-devel-5.10.62-1.mga8.x86_64.rpm
kernel-desktop-5.10.62-1.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-5.10.62-1.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-latest-5.10.62-1.mga8.x86_64.rpm
kernel-desktop-latest-5.10.62-1.mga8.x86_64.rpm
kernel-doc-5.10.62-1.mga8.noarch.rpm
kernel-server-5.10.62-1.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-5.10.62-1.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-latest-5.10.62-1.mga8.x86_64.rpm
kernel-server-latest-5.10.62-1.mga8.x86_64.rpm
kernel-source-5.10.62-1.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-5.10.62-1.mga8.noarch.rpm
kernel-userspace-headers-5.10.62-1.mga8.x86_64.rpm
lib64bpf0-5.10.62-1.mga8.x86_64.rpm
lib64bpf-devel-5.10.62-1.mga8.x86_64.rpm
perf-5.10.62-1.mga8.x86_64.rpm

virtualbox-kernel-5.10.62-desktop-1.mga8-6.1.26-1.4.mga8.x86_64.rpm
virtualbox-kernel-5.10.62-server-1.mga8-6.1.26-1.4.mga8.x86_64.rpm
virtualbox-kernel-desktop-latest-6.1.26-1.4.mga8.x86_64.rpm
virtualbox-kernel-server-latest-6.1.26-1.4.mga8.x86_64.rpm

xtables-addons-kernel-5.10.62-desktop-1.mga8-3.18-1.22.mga8.x86_64.rpm
xtables-addons-kernel-5.10.62-server-1.mga8-3.18-1.22.mga8.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.18-1.22.mga8.x86_64.rpm
xtables-addons-kernel-server-latest-3.18-1.22.mga8.x86_64.rpm
Thomas Backlund 2021-09-03 19:54:14 CEST

Blocks: (none) => 29426
Priority: Normal => High

Comment 1 Dave Hodgins 2021-09-03 20:53:00 CEST
Ok on two x86_64 bios systems, an x86_64 efi laptop, and an aarch64 RPI 4B,
an i586 vb guest and an x86_64 vb guest

CC: (none) => davidwhodgins

Comment 2 Morgan Leijström 2021-09-04 15:13:35 CEST
Mga8-64 OK here

Was running backport kernel 5.13.12-desktop-2.mga8.
downgraded cpupower and kernel-userspace-headers,
installed -5.10.62-1.mga8 kernel-desktop, kernel-desktop-devel, virtualbox-kernel desktop 

$ uname -a
Linux svarten.tribun 5.10.62-desktop-1.mga8 #1 SMP Fri Sep 3 14:47:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[morgan@svarten ~]$ dkms status

Hardware: My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display.  Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner

dkms status tells me VirtualBox and nvidia-current are OK.
BOINC detects CUDA and OpenCL

Been using it now and then today
Plasma desktop, using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, Firefox ESR, flatpak Firefox...
Stress test: While working with other things BOINC use all cores to 100%, videos do not stutter in Chrome, nor Firefox ESR but do in flatpak version.

VirtualBox running MSW7 64 bit OK: graphics, window resize, bidirectional clipboard, drag file from Dolphin to Explorer, folder sharing write protected and not, folder sharing, USB2 with plugin from upstream using USB stick and Galep5 chip programmer, internet video playing in Firefox and Chrome.  May favourite video site svtplay.se seem to be a bit less fluid, but i blame the automatic update of Firefox to 91 on windows, same content is OK in Mageia Firefox 91.

CC: (none) => fri

Comment 3 Thomas Backlund 2021-09-04 17:30:48 CEST
Advisory, added to svn:

subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2021-3640
 - CVE-2021-3739
 - CVE-2021-3743
 - CVE-2021-3753
src:
  8:
   core:
     - kernel-5.10.62-1.mga8
     - kmod-virtualbox-6.1.26-1.4.mga8
     - kmod-xtables-addons-3.18-1.22.mga8
description: |
  This kernel update is based on upstream 5.10.62 and fixes atleast the
  following security issues:

  A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel
  HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or
  other way triggers race condition of the call sco_conn_del() together with
  the call sco_sock_sendmsg() with the expected controllable faulting memory
  page. A privileged local user could use this flaw to crash the system or
  escalate their privileges on the system (CVE-2021-3640).

  A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference
  in btrfs code (CVE-2021-3739).

  there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c
  (CVE-2021-3743).

  An out-of-bounds read due to a race condition has been found in the Linux
  kernel due to write access to vc_mode is not protected by a lock in vt_ioctl
  (KDSETMDE) (CVE-2021-3753).

  Other fixes in this update:
  - audio stopped working with the update to kernel 5.10.60 released in
    MGASA-2021-0409 (mga#29426).
  - x86/ACPI/State: Optimize C3 entry on AMD CPUs
  - ext4: fix race writing to an inline_data file while its xattrs are
    changing
  - fscrypt: add fscrypt_symlink_getattr() for computing st_size
  - ext4: report correct st_size for encrypted symlinks
  - f2fs: report correct st_size for encrypted symlinks
  - ubifs: report correct st_size for encrypted symlinks

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29435
 - https://bugs.mageia.org/show_bug.cgi?id=29426

Keywords: (none) => advisory

Comment 4 Brian Rockwell 2021-09-04 18:17:22 CEST
Dell Chromebook 11 (experienced loss of audio in .60)

intel celeron n2840 
 

installed
cpupower-5.10.62-1
kernel-desktop-5.10.62-1
kernel-desktop-latest

rebooted

---

$ uname -a
Linux localhost 5.10.62-desktop-1.mga8 #1 SMP Fri Sep 3 14:47:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

- firefox, libreaoffice, audio is working
- suspend works
- wifi and bluetooth work

looks good on the

CC: (none) => brtians1

Comment 5 Brian Rockwell 2021-09-04 18:36:30 CEST
MGA8 - 64bit, Gnome 
AMD A6-9225 RADEON R4

cpupower
kernel-desktop-latest

rebooted

-----

 uname -a
Linux localhost.localdomain 5.10.62-desktop-1.mga8 #1 SMP Fri Sep 3 14:47:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

---

firefox
RhythmBox
libreoffice 
vlc

all working

----

suspend works
audio works

nothing indicating issues.
Comment 6 Brian Rockwell 2021-09-04 19:41:45 CEST
MGA8 - 64, AMD x3-450, nvidia 390 (730GT), Xfce

The following 5 packages are going to be installed:

- cpupower-5.10.62-1.mga8.x86_64
- kernel-desktop-5.10.62-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.10.62-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-latest-5.10.62-1.mga8.x86_64
- kernel-desktop-latest-5.10.62-1.mga8.x86_64


--- rebooted ----

# uname -a
Linux localhost.localdomain 5.10.62-desktop-1.mga8 #1 SMP Fri Sep 3 14:47:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Firefox, audio, exaile, nextcloud-client are all working

# lsmod | grep nvidia
nvidia_uvm            925696  0
nvidia_drm             53248  1
drm_kms_helper        270336  1 nvidia_drm
nvidia_modeset       1056768  11 nvidia_drm
nvidia              15831040  451 nvidia_uvm,nvidia_modeset
ipmi_msghandler        69632  2 ipmi_devintf,nvidia
drm                   606208  4 drm_kms_helper,nvidia_drm

nvidia driver being used


Working for me.
Comment 7 Brian Rockwell 2021-09-04 19:47:23 CEST
MGA8 - 32bit, Mate, X2-3800, Nouveau driver

Used as a Nextcloud server for testing

The following 3 packages are going to be installed:

- cpupower-5.10.62-1.mga8.i586
- kernel-server-5.10.62-1.mga8-1-1.mga8.i586
- kernel-server-latest-5.10.62-1.mga8.i586

-- rebooted

$ uname -a
Linux localhost.localdomain 5.10.62-server-1.mga8 #1 SMP Fri Sep 3 15:20:03 UTC 2021 i686 i686 i386 GNU/Linux

able to server nextcloud requests

- working as designed for me.
Comment 8 Guillaume Royer 2021-09-04 20:48:34 CEST
MGA8 XFCE 64 4Go RAM Core I3. Graphique card Nvidia GEForce 520M optimius Technology Driver 390 non free. Driver Broadcom Wifi card non free.

Updated kernel with QA Repo.

After reboot:

Bluetooth OK and sound OK
Switching with mageia-prime OK

=======================================

MGA8 LXQt VM

Update with QA Repo:

Ok after reboot.

======================================
ASUS Transformer T100ATA 2Go RAM

Updated kernel with QA Repo:

After reboot all is OK.

Sound works well, It didn't work wit kernel 5.10.60

CC: (none) => guillaume.royer

Comment 9 Len Lawrence 2021-09-05 02:14:41 CEST
Kernel: 5.10.62-desktop-1.mga8 x86_64
Quad Core Intel Core i7-4790
NVIDIA GM204 [GeForce GTX 970]
driver: nvidia v: 460.84

Installed smoothly and rebooted to Mate.
Everything running as expected, NFS shares mounted already.
Virtualbox running x64 and x32 clients.

CC: (none) => tarazed25

Comment 10 Len Lawrence 2021-09-05 20:27:05 CEST
mga8, x64

Mobo: ASUSTeK model: TUF X299
10-Core Intel Core i9-7900X
NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 460.84
Intel Ethernet I219-V driver: e1000e
31 GB RAM

Installed desktop kernel and rebooted to Mate.
Everything in place, NFS shares mounted.
Rebuilt virtualbox driver.  Launched 64-bit and 32-bit guests.
Performed an upgrade of the 32-bit guest from mga7 to mga8.
Comment 11 Brian Rockwell 2021-09-06 22:40:04 CEST
‎AMD A6-3420M APU, Xfce
Radeon HD 6520G

The following 3 packages are going to be installed:

- cpupower-5.10.62-1.mga8.x86_64
- kernel-desktop-5.10.62-1.mga8-1-1.mga8.x86_64
- kernel-desktop-latest-5.10.62-1.mga8.x86_64

---rebootted----


- Firefox, audio, libreoffice working fine
- as usual suspend doesn't work on this system, but hibernate will
Comment 12 Thomas Andrews 2021-09-08 00:24:44 CEST
HP Probook 6550b, i3, Intel graphics, Intel wifi. Also a desktop system, i5-2500, Intel graphics, wired Internet. Both systems are 64-bit Plasma, using the desktop kernel.

No installation issues. Tried several things on both, including VirtualBox with a Windows 7 guest. No issues noted.

CC: (none) => andrewsfarm

Comment 13 Thomas Andrews 2021-09-08 03:57:54 CEST
Dell Inspiron 5100, 32-bit P4, Radeon RV200 graphics, Atheros wifi, 32-bit Xfce system using the desktop kernel.

No installation issues, and no regressions noted after the reboot.
Comment 14 Thomas Backlund 2021-09-08 10:55:48 CEST
Thanks for the tests, flushing out

Whiteboard: (none) => MGA8-64-OK, MGA8-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 15 Mageia Robot 2021-09-08 11:24:58 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0418.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.