{
  "schema_version": "1.7.0",
  "id": "MGASA-2021-0367",
  "published": "2021-07-22T07:08:00Z",
  "modified": "2022-02-17T18:21:47Z",
  "summary": "Updated kernel-linus packages fix security vulnerabilities",
  "details": "This kernel-linus update is based on upstream 5.10.52 and fixes at least\nthe following security issues:\n\nThere is a race condition in net/can/bcm.c that can lead to local\nprivilege escalation to root (CVE-2021-3609).\n\nA vulnerability was found in the Linux kernel. Missing size validations on\ninbound SCTP packets may allow the kernel to read uninitialized memory\n(CVE-2021-3655).\n\nfs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does\nnot properly restrict seq buffer allocations, leading to an integer\noverflow, an Out-of-bounds Write, and escalation to root by an unprivileged\nuser (CVE-2021-33909).\n\nFor other upstream fixes, see the referenced changelogs.\n",
  "upstream": [
    "CVE-2021-3609",
    "CVE-2021-3655",
    "CVE-2021-33909"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2021-0367.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=29272"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.49"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.50"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.52"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2021/06/19/1"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2021/07/20/1"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:8",
        "name": "kernel-linus",
        "purl": "pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.10.52-1.mga8"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}