{"id":"MGASA-2021-0085","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.10.14 and fixes at least\nthe following security issues:\n\nnbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12\nhas an ndb_queue_rq use-after-free that could be triggered by local\nattackers (with access to the nbd device) via an I/O request at a\ncertain point during device setup (CVE-2021-3348).\n\nA local privilege escalation was discovered in the Linux kernel before\n5.10.13. Multiple race conditions in the AF_VSOCK implementation are\ncaused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708).\n\nIt also adds the following fixes:\n- make CONNECTOR builtin to enable PROC_EVENTS (mga#28312)\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-04-16T04:42:56.268543203Z","published":"2021-02-15T19:24:33Z","upstream":["CVE-2021-26708","CVE-2021-3348"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0085.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28341"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28312"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.14-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0085.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}