Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0084)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0084

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0084)

Resumen: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0084 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0084 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.10.14 and fixes at least the
following security issues:

A local privilege escalation was discovered in the Linux kernel before
5.10.13. Multiple race conditions in the AF_VSOCK implementation are
caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).

It also adds the following fixes:
- make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)
- drm/amd/display: Revert 'Fix EDID parsing after resume from suspend'
- drm/amdgpu: fix the issue that retry constantly once the buffer is oversize
- drm/amdgpu: set default value of noretry to 1 for vega10
- drm/amdgpu: default noretry=0 for navi1x and newer
- drm/amdkfd: fix null pointer panic while free buffer in kfd
- mm: thp: fix MADV_REMOVE deadlock on shmem THP

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-26708
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446
https://www.openwall.com/lists/oss-security/2021/02/04/5
http://www.openwall.com/lists/oss-security/2021/02/05/6
http://www.openwall.com/lists/oss-security/2021/04/09/2
http://www.openwall.com/lists/oss-security/2022/01/25/14

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0084
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0084)
Resumen:	The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0084 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0084 advisory. Vulnerability Insight: This kernel update is based on upstream 5.10.14 and fixes at least the following security issues: A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708). It also adds the following fixes: - make CONNECTOR builtin to enable PROC_EVENTS (mga#28312) - drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' - drm/amdgpu: fix the issue that retry constantly once the buffer is oversize - drm/amdgpu: set default value of noretry to 1 for vega10 - drm/amdgpu: default noretry=0 for navi1x and newer - drm/amdkfd: fix null pointer panic while free buffer in kfd - mm: thp: fix MADV_REMOVE deadlock on shmem THP For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-26708 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446 https://www.openwall.com/lists/oss-security/2021/02/04/5 http://www.openwall.com/lists/oss-security/2021/02/05/6 http://www.openwall.com/lists/oss-security/2021/04/09/2 http://www.openwall.com/lists/oss-security/2022/01/25/14
Copyright	Copyright (C) 2022 Greenbone AG