MGASA-2021-0151
- Source
- https://advisories.mageia.org/MGASA-2021-0151.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0151.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0151
- Related
- Published
- 2021-03-22T17:17:19Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated kernel packages fix security issues
- Details
-
This kernel update is based on upstream 5.10.25 and fixes at least the following security issues:
Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location within the kernel memory. This can be abused to extract contents of kernel memory via side-channel (CVE-2020-27170).
Unprivileged BPF programs running on affected 64-bit systems can exploit this to execute speculatively out-of-bounds loads from 4GB window within the kernel memory. This can be abused to extract contents of kernel memory via side-channel (CVE-2020-27171).
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsitransport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsitransport/$TRANSPORTNAME/handle. When read, the showtransporthandle function (in drivers/scsi/scsitransportiscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsitransport struct in the kernel module's global variables (CVE-2021-27363).
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/ scsitransportiscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages (CVE-2021-27364).
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (CVE-2021-27365).
An issue was discovered in the Linux kernel through 5.11.6. fastrpcinternalinvoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages (CVE-2021-28375).
It also adds the following fixes: - arm(64): enable W1MASTERGPIO (mga#28596) - wireguard-tools have been updated to v1.0.20210315
For other upstream fixes, see the referenced changelogs.
- References
-
- https://advisories.mageia.org/MGASA-2021-0151.html
- https://bugs.mageia.org/show_bug.cgi?id=28610
- https://bugs.mageia.org/show_bug.cgi?id=28596
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.21
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.22
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.23
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.24
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.25
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-8
Mageia:8 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-8
Mageia:8 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-8
Mageia:8 / wireguard-tools
Package
- Name
- wireguard-tools
- Purl
- pkg:rpm/mageia/wireguard-tools?distro=mageia-8
Mageia:7 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-7
Mageia:7 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-7
Mageia:7 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-7
Mageia:7 / wireguard-tools
Package
- Name
- wireguard-tools
- Purl
- pkg:rpm/mageia/wireguard-tools?distro=mageia-7