{"id":"MGASA-2021-0489","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream 5.10.75 and fixes at least the\nfollowing security issues:\n\nA memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/\nccp/ccp-ops.c in the Linux kernel allows malicious users to cause a\ndenial of service (memory consumption) (CVE-2021-3744).\n\nA memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd()\nfunction that allows an malicious user to cause a denial of service\n(CVE-2021-3764).\n\nA race condition accessing file object in the Linux kernel OverlayFS\nsubsystem was found in the way users do rename in specific way with\nOverlayFS. A local user could use this flaw to crash the system\n(CVE-2021-20321).\n\nprealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel\nthrough 5.14.9 allows unprivileged users to trigger an eBPF multiplication\ninteger overflow with a resultant out-of-bounds write (CVE-2021-41864).\n\nFor other upstream fixes, see the referenced changelogs. \n","modified":"2026-02-04T02:23:45.739866Z","published":"2021-10-25T15:49:26Z","related":["CVE-2021-20321","CVE-2021-3744","CVE-2021-3764","CVE-2021-41864"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0489.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29571"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.71"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.72"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.73"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.74"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.75"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.75-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0489.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.28-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0489.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18-1.25.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0489.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}