 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2021.0214 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2021-0214) |
| Summary: | The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0214 advisory. |
| Description: | Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0214 advisory. Vulnerability Insight: This kernel update is based on upstream 5.10.37 and fixes at least the following security issues: It was discovered that the io_uring implementation of the Linux kernel did not properly enforce the MAX_RW_COUNT limit in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code (CVE-2021-3491). An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information (CVE-2021-3506). A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. NOTE! This already had a fix in kernel-5.10.33, but that fix caused some systems to deadlock, so this is now fixed in a better way (CVE-2021-23133). bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds (CVE-2021-31440). kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel (CVE-2021-31829). net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller (CVE-2021-32399). In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan. This leads to writing an arbitrary value. (CVE-2021-33034). Other fixes in this update: - Revert upstream iommu/vt-d fixes causing systems to hang at boot: * 'iommu/vt-d: Preset Access/Dirty bits for IOVA over FL' * 'iommu/vt-d: Remove WO permissions on second-level paging entries' - Revert 'irqbypass: do not start cons/prod when failed connect' as it may cause VM freeze on arm64 with GICv4 - ACPI / EC: Fix media keys not working problem on more Asus laptops - ACPI: PM: Add ACPI ID of Alder Lake Fan - iwlwifi: add new pci id for 6235 - usb: xhci: Add reset resume quirk for AMD xhci controller - usb: xhci: Increase timeout for HC halt For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-23133 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b https://www.openwall.com/lists/oss-security/2021/04/18/2 https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html http://www.openwall.com/lists/oss-security/2021/05/10/1 http://www.openwall.com/lists/oss-security/2021/05/10/2 http://www.openwall.com/lists/oss-security/2021/05/10/3 http://www.openwall.com/lists/oss-security/2021/05/10/4 Common Vulnerability Exposure (CVE) ID: CVE-2021-31440 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36 https://www.zerodayinitiative.com/advisories/ZDI-21-503/ Common Vulnerability Exposure (CVE) ID: CVE-2021-31829 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/ http://www.openwall.com/lists/oss-security/2021/05/04/4 https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f Common Vulnerability Exposure (CVE) ID: CVE-2021-32399 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80 https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80 http://www.openwall.com/lists/oss-security/2021/05/11/2 Common Vulnerability Exposure (CVE) ID: CVE-2021-33034 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1 Common Vulnerability Exposure (CVE) ID: CVE-2021-3491 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db https://www.zerodayinitiative.com/advisories/ZDI-21-589/ https://www.openwall.com/lists/oss-security/2021/05/11/13 https://ubuntu.com/security/notices/USN-4949-1 https://ubuntu.com/security/notices/USN-4950-1 Common Vulnerability Exposure (CVE) ID: CVE-2021-3506 https://bugzilla.redhat.com/show_bug.cgi?id=1944298 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html https://www.openwall.com/lists/oss-security/2021/03/28/2 http://www.openwall.com/lists/oss-security/2021/05/08/1 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |