Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0419
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0419)
Summary:	The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0419 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0419 advisory. Vulnerability Insight: This kernel-linus update is based on upstream 5.10.62 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in ath9k (CVE-2020-3702). A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference in btrfs code (CVE-2021-3739). there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743). An out-of-bounds read due to a race condition has been found in the Linux kernel due to write access to vc_mode is not protected by a lock in vt_ioctl (KDSETMDE) (CVE-2021-3753). For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel-linus' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-3702 https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Debian Security Information: DSA-4978 (Google Search) https://www.debian.org/security/2021/dsa-4978 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3739 https://bugzilla.redhat.com/show_bug.cgi?id=1997958 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 https://github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 https://security.netapp.com/advisory/ntap-20220407-0006/ https://ubuntu.com/security/CVE-2021-3739 https://www.openwall.com/lists/oss-security/2021/08/25/3 Common Vulnerability Exposure (CVE) ID: CVE-2021-3743 https://bugzilla.redhat.com/show_bug.cgi?id=1997961 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e78c597c3ebfd0cb329aa09a838734147e4f117 https://github.com/torvalds/linux/commit/7e78c597c3ebfd0cb329aa09a838734147e4f117 https://lists.openwall.net/netdev/2021/08/17/124 https://security.netapp.com/advisory/ntap-20220407-0007/ https://www.openwall.com/lists/oss-security/2021/08/27/2 https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3753 https://bugzilla.redhat.com/show_bug.cgi?id=1999589 https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7 https://www.openwall.com/lists/oss-security/2021/09/01/4
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.