Updated kernel-linus packages fix security vulnerabilities
Publication date: 18 Apr 2021Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2020-25670 , CVE-2020-25671 , CVE-2020-25672 , CVE-2021-3483 , CVE-2021-29154 , CVE-2021-29657
Description
This kernel-linus update is based on upstream 5.10.30 and fixes at least the following security issues: nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context (CVE-2021-29154). KVM: SVM: load control fields from VMCB12 before checking them (CVE-2021-29657). For other upstream fixes, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=28781
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.28
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.29
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.30
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29657
SRPMS
7/core
- kernel-linus-5.10.30-1.mga7
8/core
- kernel-linus-5.10.30-1.mga8