Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0460
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0460)
Zusammenfassung:	The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0460 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0460 advisory. Vulnerability Insight: This kernel-linus update is based on upstream 5.10.70 and fixes at least the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (CVE-2020-16119). A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13 (CVE-2021-40490). oop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation (CVE-2021-41073). For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel-linus' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-16119 https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/ Debian Security Information: DSA-4978 (Google Search) https://www.debian.org/security/2021/dsa-4978 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695 https://launchpad.net/bugs/1883840 https://ubuntu.com/USN-4576-1 https://ubuntu.com/USN-4577-1 https://ubuntu.com/USN-4578-1 https://ubuntu.com/USN-4579-1 https://ubuntu.com/USN-4580-1 Common Vulnerability Exposure (CVE) ID: CVE-2021-40490 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJGX3DMJT6MRBW2XEF3TWVHYWZW3DG3N/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6VS2DLGT7TK7URKAS2KWJL3S533SGVA/ https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa Common Vulnerability Exposure (CVE) ID: CVE-2021-41073 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAP4TXEZ7J4EZQMQW5SIJMWXG7WZT3F7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7KSMIOQ4377CVTHMWNGNCWHMCRFRP2T/ http://www.openwall.com/lists/oss-security/2021/09/18/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc http://www.openwall.com/lists/oss-security/2022/06/04/4
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.