mageia Gentoo Foundation MGASA-2021-0489
History Oct 25, 2021 - 6:49 p.m.

Updated kernel packages fix security vulnerabilities

2021-10-25 18:49:26
Gentoo Foundation
advisories.mageia.org
12

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.7 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.001 Low
Percentile: 31.2%

This kernel update is based on upstream 5.10.75 and fixes at least the following security issues:

A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a denial of service (memory consumption) (CVE-2021-3744).

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows a malicious user to cause a denial of service (CVE-2021-3764).

A race condition when accessing a file object was found in the Linux kernel OverlayFS subsystem, in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system (CVE-2021-20321).

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (CVE-2021-41864).

For other upstream fixes, see the referenced changelogs.
