Lucene search

K
mageiaGentoo FoundationMGASA-2021-0192
HistoryApr 18, 2021 - 5:50 p.m.

Updated kernel packages fix security vulnerabilities

2021-04-1817:50:05
Gentoo Foundation
advisories.mageia.org
21

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.9%

This kernel update is based on upstream 5.10.30 and fixes at least the following security issues: nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context (CVE-2021-29154). KVM: SVM: load control fields from VMCB12 before checking them (CVE-2021-29657). It also adds the following fixes: - x86/fpu/64: Don’t FNINIT in kernel_fpu_begin() - Revert “iommu/amd: Fix performance counter initialization” - iommu/amd: Remove performance counter pre-initialization test - hwmon: (amd_energy) Add AMD family 19h model 30h x86 match - hwmon: (amd_energy) Use unified function to read energy data - hwmon: (amd_energy) Restore visibility of energy counters For other upstream fixes, see the referenced changelogs.

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.9%