{"id":"MGASA-2021-0419","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.10.62 and fixes at least the\nfollowing security issues:\n\nSpecifically timed and handcrafted traffic can cause internal errors\nin a WLAN device that lead to improper layer 2 Wi-Fi encryption with a\nconsequent possibility of information disclosure over the air for a\ndiscrete set of traffic in ath9k (CVE-2020-3702).\n\nA process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference\nin btrfs code (CVE-2021-3739).\n\nthere is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c\n(CVE-2021-3743).\n\nAn out-of-bounds read due to a race condition has been found in the Linux\nkernel due to write access to vc_mode is not protected by a lock in vt_ioctl\n(KDSETMDE) (CVE-2021-3753).\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-04-16T04:40:49.861867012Z","published":"2021-09-08T09:23:46Z","upstream":["CVE-2020-3702","CVE-2021-3739","CVE-2021-3743","CVE-2021-3753"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0419.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29436"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.61"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.62"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.62-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0419.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}