MGASA-2021-0061

Description

Updated kernel packages fix security vulnerabilities This kernel update is based on upstream 5.10.12 and fixes at least the following security issues: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS (CVE-2021-3178). An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel (CVE-2021-3347). nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (CVE-2021-3348). It also adds the following fixes: - ALSA: hda: Add Cometlake-R PCI ID - ALSA: hda: Add AlderLake-P PCI ID and HDMI codec vid - ALSA: hda/via: Apply the workaround generically for Clevo machines - ASoC: AMD Renoir - refine DMI entries for some Lenovo products - crypto: arm64/sha - add missing module aliases - drm/amdgpu: Add Missing Sienna Cichlid DID - drm/gpu/nouveau/dispnv50: Restore pushing of all data - fix and re-enamble 3rdparty rtl8821ce driver (mga#28150) - iwlwifi: provide gso_type to GSO packets (fixes upload speed regression) For other upstream fixes, see the referenced changelogs.

Affected Systems

• mageia•kernel

  < 5.10.12-1.mga7

• mageia•kmod-virtualbox

  < 6.1.18-4.mga7

• mageia•kmod-xtables-addons

  < 3.13-9.mga7

References (7)

• https://advisories.mageia.org/MGASA-2021-0061.html
• https://bugs.mageia.org/show_bug.cgi?id=28210
• https://bugs.mageia.org/show_bug.cgi?id=28150
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.9
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.10
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.11
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.12