MGASA-2021-0507

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0507.html

Import Source

https://advisories.mageia.org/MGASA-2021-0507.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0507

Related

Published

2021-11-11T15:02:40Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update is based on upstream 5.10.78 and fixes at least the following security issues:

A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability (CVE-2021-3760).

A flaw in the SCTP stack where a blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses (CVE-2021-3772).

A flaw heap buffer overflow in the Linux kernel's AMD Radeon graphics card driver was found in the way user writes some malicious data to the AMD GPU Display Driver Debug Filesystem (to the VGA sub-directory of the /sys/kernel/debug/ directory). A local user could use this flaw to crash the system or escalate their privileges on the system (CVE-2021-42327).

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avccapmt mishandles bounds checking (CVE-2021-42739).

A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system (CVE-2021-43267).

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c (CVE-2021-43389).

wireguard-tools are updated to 1.0.20210914.

For other upstream fixes, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.78-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.28-1.4.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18-1.28.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / wireguard-tools

Package

Name: wireguard-tools
Purl: pkg:rpm/mageia/wireguard-tools?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.20210914-1.mga8

Ecosystem specific

{
    "section": "core"
}