MGASA-2021-0296
- Source
- https://advisories.mageia.org/MGASA-2021-0296.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0296.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0296
- Related
- Published
- 2021-06-28T21:16:35Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated kernel packages fix security vulnerabilities
- Details
-
This kernel update is based on upstream 5.10.46 and fixes at least the following security issues:
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack (CVE-2021-33624).
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693).
For other upstream fixes, see the referenced changelog.
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-7
Mageia:7 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-7
Mageia:7 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-7
Mageia:8 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-8
Mageia:8 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-8
Mageia:8 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-8