Updated kernel packages fix security vulnerabilities

2021-10-0419:42:18

Gentoo Foundation

advisories.mageia.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

This kernel update is based on upstream 5.10.70 and fixes at least the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (CVE-2020-16119). oop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation (CVE-2021-41073). For other upstream fixes, see the referenced changelogs.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchkernel< 5.10.70-1kernel-5.10.70-1.mga8
Mageia8noarchkmod-virtualbox< 6.1.26-1.6kmod-virtualbox-6.1.26-1.6.mga8
Mageia8noarchkmod-xtables-addons< 3.18-1.24kmod-xtables-addons-3.18-1.24.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	kernel	< 5.10.70-1	kernel-5.10.70-1.mga8
Mageia	8	noarch	kmod-virtualbox	< 6.1.26-1.6	kmod-virtualbox-6.1.26-1.6.mga8
Mageia	8	noarch	kmod-xtables-addons	< 3.18-1.24	kmod-xtables-addons-3.18-1.24.mga8