MGASA-2021-0589

Source
https://advisories.mageia.org/MGASA-2021-0589.html
Import Source
https://advisories.mageia.org/MGASA-2021-0589.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2021-0589
Related
Published
2021-12-29T19:12:56Z
Modified
2022-02-17T18:21:47Z
Summary
Updated kernel-linus packages fix security vulnerabilities
Details

This kernel-linus update is based on upstream 5.15.11 and fixes at least the following security issues:

netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135).

Potentially malicious Xen PV backends can cause guest DoS due to unhardened frontends in the guests, even though this ought to have been prevented by containing them within a driver domain. This update fixes the issues tracked as XSA-391: blkfront (CVE-2021-28711), netfront (CVE-2021-28712), hvc_xen (CVE-2021-28713).

The Linux kernel's xen-netback backend driver can be forced by guests to queue arbitrary amounts of network data, eventually causing an out-of-memory situation in the domain the backend is running in (usually dom0). This update fixes the issues tracked as XSA-392 (CVE-2021-28714, CVE-2021-28715).

rds: memory leak in __rds_conn_create() (CVE-2021-45480).

For other upstream fixes, see the referenced changelogs.

References
Credits

Affected packages

Mageia:8 / kernel-linus

Package

Name
kernel-linus
Purl
pkg:rpm/mageia/kernel-linus?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.15.11-1.mga8

Ecosystem specific

{
    "section": "core"
}