Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0538)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.10.2021.0538

Category: Mageia Linux Local Security Checks

Title: Mageia: Security Advisory (MGASA-2021-0538)

Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0538 advisory.

Description: Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0538 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.15.6 and fixes at least the
following security issues:

A vulnerability was found in Linux kernel, where a use-after-frees in
nouveau's postclose() handler could happen if removing device (that is
not common to remove video card physically without power-off, but same
happens if 'unbind' the driver) (CVE-2020-27820).

A race condition when the eBPF map is frozen (CVE-2021-4001).

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found
in the way the user maps some regions of memory twice using shmget() which
are aligned to PUD alignment with the fault of some of the memory pages.
A local user could use this flaw to get unauthorized access to some data
(CVE-2021-4002).

In addition to the upstream changes, we also have added the following fixes:
- ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
- cpufreq: intel_pstate: ITMT support for overclocked system
- Revert 'drm/i915: Implement Wa_1508744258'
- drm/i915/adl-n: Enable Alder Lake N platform
- hwmon: (asus_wmi_sensors) Support X370 Asus WMI
- hwmon: (asus_wmi_ec_sensors) Support B550 Asus WMI
- hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors
- hwmon: (nct6775) Use superio_*() function pointers in sio_data
- hwmon: (nct6775) Use nct6775_*() function pointers in nct6775_data
- hwmon: (nct6775) Support access via Asus WMI
- hwmon: (nct6775) Add additional ASUS motherboards
- hwmon: (nct6775) add Pro WS X570-ACE
- hwmon: (nct6775) add ProArt X570-CREATOR WIFI
- mmc: sdhci-pci: Add PCI ID for Intel ADL
- pinctrl: amd: Fix wakeups when IRQ is shared with SC
- rt2x00: do not mark device gone on EPROTO errors during start
- xhci: Fix command ring abort, write all 64 bits to CRCR register

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:C/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-27820
https://bugzilla.redhat.com/show_bug.cgi?id=1901726
https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/
https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/
https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/
https://www.oracle.com/security-alerts/cpujul2022.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-4001
https://bugzilla.redhat.com/show_bug.cgi?id=2025645
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53
Common Vulnerability Exposure (CVE) ID: CVE-2021-4002
Debian Security Information: DSA-5096 (Google Search)
https://www.debian.org/security/2022/dsa-5096
https://bugzilla.redhat.com/show_bug.cgi?id=2025726
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890
https://www.openwall.com/lists/oss-security/2021/11/25/1
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0538
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0538)
Summary:	The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0538 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0538 advisory. Vulnerability Insight: This kernel update is based on upstream 5.15.6 and fixes at least the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver) (CVE-2020-27820). A race condition when the eBPF map is frozen (CVE-2021-4001). A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data (CVE-2021-4002). In addition to the upstream changes, we also have added the following fixes: - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - cpufreq: intel_pstate: ITMT support for overclocked system - Revert 'drm/i915: Implement Wa_1508744258' - drm/i915/adl-n: Enable Alder Lake N platform - hwmon: (asus_wmi_sensors) Support X370 Asus WMI - hwmon: (asus_wmi_ec_sensors) Support B550 Asus WMI - hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors - hwmon: (nct6775) Use superio_() function pointers in sio_data - hwmon: (nct6775) Use nct6775_() function pointers in nct6775_data - hwmon: (nct6775) Support access via Asus WMI - hwmon: (nct6775) Add additional ASUS motherboards - hwmon: (nct6775) add Pro WS X570-ACE - hwmon: (nct6775) add ProArt X570-CREATOR WIFI - mmc: sdhci-pci: Add PCI ID for Intel ADL - pinctrl: amd: Fix wakeups when IRQ is shared with SC - rt2x00: do not mark device gone on EPROTO errors during start - xhci: Fix command ring abort, write all 64 bits to CRCR register For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.7 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-27820 https://bugzilla.redhat.com/show_bug.cgi?id=1901726 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com/ https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com/ https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com/ https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-4001 https://bugzilla.redhat.com/show_bug.cgi?id=2025645 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53 Common Vulnerability Exposure (CVE) ID: CVE-2021-4002 Debian Security Information: DSA-5096 (Google Search) https://www.debian.org/security/2022/dsa-5096 https://bugzilla.redhat.com/show_bug.cgi?id=2025726 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890 https://www.openwall.com/lists/oss-security/2021/11/25/1 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Copyright	Copyright (C) 2022 Greenbone AG