Updated kernel packages fix security vulnerabilities

2021-07-2210:08:00

Gentoo Foundation

advisories.mageia.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

56.0%

JSON

This kernel update is based on upstream 5.10.52 and fixes at least the following security issues: There is a race condition in net/can/bcm.c that can lead to local privilege escalation to root (CVE-2021-3609). A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory (CVE-2021-3655). fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user (CVE-2021-33909). Other fixes in this update: - rtl8xxxu: disable interrupt_in transfer for 8188cu and 8192cu For other upstream fixes, see the referenced changelogs.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchkernel< 5.10.52-1kernel-5.10.52-1.mga8
Mageia8noarchkmod-virtualbox< 6.1.22-1.12kmod-virtualbox-6.1.22-1.12.mga8
Mageia8noarchkmod-xtables-addons< 3.18-1.12kmod-xtables-addons-3.18-1.12.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	kernel	< 5.10.52-1	kernel-5.10.52-1.mga8
Mageia	8	noarch	kmod-virtualbox	< 6.1.22-1.12	kmod-virtualbox-6.1.22-1.12.mga8
Mageia	8	noarch	kmod-xtables-addons	< 3.18-1.12	kmod-xtables-addons-3.18-1.12.mga8