MGASA-2021-0102 - Updated kernel-linus packages fix security vulnerabilities

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0102.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-26930,
     CVE-2021-26931,
     CVE-2021-26932

This kernel-linus update is based on upstream 5.10.19 and fixes atleast
the following security issues:

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used
by Xen. To service requests to the PV backend, the driver maps grant
references provided by the frontend. In this process, errors may be
encountered. In one case, an error encountered earlier might be
discarded by later processing, resulting in the caller assuming
successful mapping, and hence subsequent operations trying to access
space that wasn't mapped. In another case, internal state would be
insufficiently updated, preventing safe recovery from the error
(CVE-2021-26930).

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as
used in Xen. Block, net, and SCSI backends consider certain errors a
plain bug, deliberately causing a kernel crash. For errors potentially
being at least under the influence of guests (such as out of memory
conditions), it isn't correct to assume a plain bug. Memory allocations
potentially causing such crashes occur only when Linux is running in
PV mode, though (CVE-2021-26931).

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used
by Xen. Grant mapping operations often occur in batch hypercalls, where
a number of operations are done in a single hypercall, the success or
failure of each one is reported to the backend driver, and the backend
driver then loops over the results, performing follow-up actions based
on the success or failure of each operation. Unfortunately, when running
in PV mode, the Linux backend drivers mishandle this: Some errors are
ignored, effectively implying their success from the success of related
batch elements. In other cases, errors resulting from one batch element
lead to further batch elements not being inspected, and hence successful
ones to not be possible to properly unmap upon error recovery. Only
systems with Linux backends running in PV mode are vulnerable. Linux
backends run in HVM / PVH modes are not vulnerable (CVE-2021-26932).

It also adds the following fixes:
- enable ACPI_EC_DEBUGFS (mga#28415)

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28471
- https://bugs.mageia.org/show_bug.cgi?id=28415
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.17
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.18
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.19
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932

SRPMS:
- 8/core/kernel-linus-5.10.19-1.mga8

Mageia 2021-0102: kernel-linus security update

This kernel-linus update is based on upstream 5.10.19 and fixes atleast the following security issues: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by...

Summary

This kernel-linus update is based on upstream 5.10.19 and fixes atleast the following security issues:
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error (CVE-2021-26930).
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though (CVE-2021-26931).
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable (CVE-2021-26932).
It also adds the following fixes: - enable ACPI_EC_DEBUGFS (mga#28415)
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=28471

- https://bugs.mageia.org/show_bug.cgi?id=28415

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.17

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.18

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.19

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26930

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932

Resolution

MGASA-2021-0102 - Updated kernel-linus packages fix security vulnerabilities

SRPMS

- 8/core/kernel-linus-5.10.19-1.mga8

Severity
Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0102.html
Type: security
CVE: CVE-2021-26930, CVE-2021-26931, CVE-2021-26932

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved