Advisories ยป MGASA-2021-0191

Updated kernel-linus packages fix security vulnerabilities

Publication date: 18 Apr 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2020-25670 , CVE-2020-25671 , CVE-2020-25672 , CVE-2021-3483 , CVE-2021-29154 , CVE-2021-29657

Description

This kernel-linus update is based on upstream 5.10.30 and fixes at least
the following security issues:

nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670)

nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671)

nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672)

firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483)

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect
computation of branch displacements, allowing them to execute arbitrary 
code within the kernel context (CVE-2021-29154).

KVM: SVM: load control fields from VMCB12 before checking them
(CVE-2021-29657).

For other upstream fixes, see the referenced changelogs.
                

References

SRPMS

8/core

7/core