{"id":"MGASA-2021-0418","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream 5.10.62 and fixes at least the\nfollowing security issues:\n\nA flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel\nHCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or\nother way triggers race condition of the call sco_conn_del() together with\nthe call sco_sock_sendmsg() with the expected controllable faulting memory\npage. A privileged local user could use this flaw to crash the system or\nescalate their privileges on the system (CVE-2021-3640).\n\nA process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference\nin btrfs code (CVE-2021-3739).\n\nthere is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c\n(CVE-2021-3743).\n\nAn out-of-bounds read due to a race condition has been found in the Linux\nkernel due to write access to vc_mode is not protected by a lock in vt_ioctl\n(KDSETMDE) (CVE-2021-3753).\n\nA race condition was discovered in ext4_write_inline_data_end in\nfs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13\n(CVE-2021-40490).\n\nOther fixes in this update:\n- audio stopped working with the update to kernel 5.10.60 released in\n  MGASA-2021-0409 (mga#29426).\n- x86/ACPI/State: Optimize C3 entry on AMD CPUs\n- fscrypt: add fscrypt_symlink_getattr() for computing st_size\n- ext4: report correct st_size for encrypted symlinks\n- f2fs: report correct st_size for encrypted symlinks\n- ubifs: report correct st_size for encrypted symlinks\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-02-04T03:11:15.067635Z","published":"2021-09-08T09:23:46Z","related":["CVE-2021-3640","CVE-2021-3739","CVE-2021-3743","CVE-2021-3753","CVE-2021-40490"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0418.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29435"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29426"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.61"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.62"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.62-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0418.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.26-1.4.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0418.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18-1.22.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0418.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}