Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0459)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0459

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0459)

Resumen: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0459 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0459 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.10.70 and fixes at least the
following security issues:

Use-after-free vulnerability in the Linux kernel exploitable by a local
attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid
object as a listener after being released (CVE-2020-16119).

oop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows
local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger
a free of a kernel buffer, as demonstrated by using /proc//maps for
exploitation (CVE-2021-41073).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-16119
https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Debian Security Information: DSA-4978 (Google Search)
https://www.debian.org/security/2021/dsa-4978
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695
https://launchpad.net/bugs/1883840
https://ubuntu.com/USN-4576-1
https://ubuntu.com/USN-4577-1
https://ubuntu.com/USN-4578-1
https://ubuntu.com/USN-4579-1
https://ubuntu.com/USN-4580-1
Common Vulnerability Exposure (CVE) ID: CVE-2021-41073
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAP4TXEZ7J4EZQMQW5SIJMWXG7WZT3F7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7KSMIOQ4377CVTHMWNGNCWHMCRFRP2T/
http://www.openwall.com/lists/oss-security/2021/09/18/2
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc
http://www.openwall.com/lists/oss-security/2022/06/04/4

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0459
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0459)
Resumen:	The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0459 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0459 advisory. Vulnerability Insight: This kernel update is based on upstream 5.10.70 and fixes at least the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (CVE-2020-16119). oop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation (CVE-2021-41073). For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-16119 https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/ Debian Security Information: DSA-4978 (Google Search) https://www.debian.org/security/2021/dsa-4978 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695 https://launchpad.net/bugs/1883840 https://ubuntu.com/USN-4576-1 https://ubuntu.com/USN-4577-1 https://ubuntu.com/USN-4578-1 https://ubuntu.com/USN-4579-1 https://ubuntu.com/USN-4580-1 Common Vulnerability Exposure (CVE) ID: CVE-2021-41073 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAP4TXEZ7J4EZQMQW5SIJMWXG7WZT3F7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7KSMIOQ4377CVTHMWNGNCWHMCRFRP2T/ http://www.openwall.com/lists/oss-security/2021/09/18/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc http://www.openwall.com/lists/oss-security/2022/06/04/4
Copyright	Copyright (C) 2022 Greenbone AG