Advisories ยป MGASA-2021-0418

Updated kernel packages fix security vulnerabilities

Publication date: 08 Sep 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-3640 , CVE-2021-3739 , CVE-2021-3743 , CVE-2021-3753 , CVE-2021-40490


This kernel update is based on upstream 5.10.62 and fixes at least the
following security issues:

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel
HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or
other way triggers race condition of the call sco_conn_del() together with
the call sco_sock_sendmsg() with the expected controllable faulting memory
page. A privileged local user could use this flaw to crash the system or
escalate their privileges on the system (CVE-2021-3640).

A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference
in btrfs code (CVE-2021-3739).

there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c

An out-of-bounds read due to a race condition has been found in the Linux
kernel due to write access to vc_mode is not protected by a lock in vt_ioctl
(KDSETMDE) (CVE-2021-3753).

A race condition was discovered in ext4_write_inline_data_end in
fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13

Other fixes in this update:
- audio stopped working with the update to kernel 5.10.60 released in
  MGASA-2021-0409 (mga#29426).
- x86/ACPI/State: Optimize C3 entry on AMD CPUs
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
- ext4: report correct st_size for encrypted symlinks
- f2fs: report correct st_size for encrypted symlinks
- ubifs: report correct st_size for encrypted symlinks

For other upstream fixes, see the referenced changelogs.