Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0539)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0539

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0539)

Resumen: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0539 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0539 advisory.

Vulnerability Insight:
This kernel-linus update is based on upstream 5.15.6 and fixes at least the
following security issues:

A vulnerability was found in Linux kernel, where a use-after-frees in
nouveau's postclose() handler could happen if removing device (that is
not common to remove video card physically without power-off, but same
happens if 'unbind' the driver) (CVE-2020-27820).

A race condition when the eBPF map is frozen (CVE-2021-4001).

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found
in the way the user maps some regions of memory twice using shmget() which
are aligned to PUD alignment with the fault of some of the memory pages.
A local user could use this flaw to get unauthorized access to some data
(CVE-2021-4002).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel-linus' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:C/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-27820
https://bugzilla.redhat.com/show_bug.cgi?id=1901726
https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/
https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/
https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/
https://www.oracle.com/security-alerts/cpujul2022.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-4001
https://bugzilla.redhat.com/show_bug.cgi?id=2025645
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53
Common Vulnerability Exposure (CVE) ID: CVE-2021-4002
Debian Security Information: DSA-5096 (Google Search)
https://www.debian.org/security/2022/dsa-5096
https://bugzilla.redhat.com/show_bug.cgi?id=2025726
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890
https://www.openwall.com/lists/oss-security/2021/11/25/1
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0539
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0539)
Resumen:	The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0539 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0539 advisory. Vulnerability Insight: This kernel-linus update is based on upstream 5.15.6 and fixes at least the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver) (CVE-2020-27820). A race condition when the eBPF map is frozen (CVE-2021-4001). A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data (CVE-2021-4002). For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel-linus' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.7 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:C/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-27820 https://bugzilla.redhat.com/show_bug.cgi?id=1901726 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/ https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/ https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/ https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-4001 https://bugzilla.redhat.com/show_bug.cgi?id=2025645 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53 Common Vulnerability Exposure (CVE) ID: CVE-2021-4002 Debian Security Information: DSA-5096 (Google Search) https://www.debian.org/security/2022/dsa-5096 https://bugzilla.redhat.com/show_bug.cgi?id=2025726 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890 https://www.openwall.com/lists/oss-security/2021/11/25/1 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Copyright	Copyright (C) 2022 Greenbone AG