| Description: | Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0192 advisory.
Vulnerability Insight:
This kernel update is based on upstream 5.10.30 and fixes at least the
following security issues:
nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670)
nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671)
nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672)
firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483)
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect
computation of branch displacements, allowing them to execute arbitrary
code within the kernel context (CVE-2021-29154).
KVM: SVM: load control fields from VMCB12 before checking them
(CVE-2021-29657).
It also adds the following fixes:
- x86/fpu/64: Don't FNINIT in kernel_fpu_begin()
- Revert 'iommu/amd: Fix performance counter initialization'
- iommu/amd: Remove performance counter pre-initialization test
- hwmon: (amd_energy) Add AMD family 19h model 30h x86 match
- hwmon: (amd_energy) Use unified function to read energy data
- hwmon: (amd_energy) Restore visibility of energy counters
For other upstream fixes, see the referenced changelogs.
Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7, Mageia 8.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
