| Description: | Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0418 advisory.
Vulnerability Insight:
This kernel update is based on upstream 5.10.62 and fixes at least the
following security issues:
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel
HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or
other way triggers race condition of the call sco_conn_del() together with
the call sco_sock_sendmsg() with the expected controllable faulting memory
page. A privileged local user could use this flaw to crash the system or
escalate their privileges on the system (CVE-2021-3640).
A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference
in btrfs code (CVE-2021-3739).
there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c
(CVE-2021-3743).
An out-of-bounds read due to a race condition has been found in the Linux
kernel due to write access to vc_mode is not protected by a lock in vt_ioctl
(KDSETMDE) (CVE-2021-3753).
A race condition was discovered in ext4_write_inline_data_end in
fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13
(CVE-2021-40490).
Other fixes in this update:
- audio stopped working with the update to kernel 5.10.60 released in
MGASA-2021-0409 (mga#29426).
- x86/ACPI/State: Optimize C3 entry on AMD CPUs
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
- ext4: report correct st_size for encrypted symlinks
- f2fs: report correct st_size for encrypted symlinks
- ubifs: report correct st_size for encrypted symlinks
For other upstream fixes, see the referenced changelogs.
Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.
Solution:
Please install the updated package(s).
CVSS Score:
6.9
CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
