{"id":"MGASA-2021-0204","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream 5.10.33 and fixes at least the\nfollowing security issues:\n\nA race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before\n5.12-rc8 can lead to kernel privilege escalation from the context of a\nnetwork service or an unprivileged process. If sctp_destroy_sock is called\nwithout sock_net(sk)-\u003esctp.addr_wq_lock then an element is removed from\nthe auto_asconf_splist list without any proper locking. This can be\nexploited by an attacker with network service privileges to escalate to\nroot or from the context of an unprivileged user directly if a\nBPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some\nSCTP socket (CVE-2021-23133).\n\nAn issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/\nverifier.c performs undesirable out-of-bounds speculation on pointer\narithmetic, leading to side-channel attacks that defeat Spectre mitigations\nand obtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (CVE-2021-29155).\n\nThis update also contains the following:\n- xtables-addons has been updated to 3.18 (only in Mageia 8)\n- wireguard-tools has been updated to v1.0.20210424-1.mga8\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-01-31T13:40:56.508476Z","published":"2021-05-02T16:29:10Z","related":["CVE-2021-23133","CVE-2021-29155"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0204.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28856"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.31"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.32"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.33"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.33-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.20-2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.13-21.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}},{"package":{"name":"wireguard-tools","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/wireguard-tools?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.20210424-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}},{"package":{"name":"kernel","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.33-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.20-3.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}},{"package":{"name":"xtables-addons","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/xtables-addons?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}},{"package":{"name":"wireguard-tools","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/wireguard-tools?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.20210424-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0204.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}