{"id":"MGASA-2021-0366","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream 5.10.52 and fixes at least the\nfollowing security issues:\n\nThere is a race condition in net/can/bcm.c that can lead to local\nprivilege escalation to root (CVE-2021-3609).\n\nA vulnerability was found in the Linux kernel. Missing size validations on\ninbound SCTP packets may allow the kernel to read uninitialized memory\n(CVE-2021-3655).\n\nfs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does\nnot properly restrict seq buffer allocations, leading to an integer\noverflow, an Out-of-bounds Write, and escalation to root by an unprivileged\nuser (CVE-2021-33909).\n\nOther fixes in this update:\n- rtl8xxxu: disable interrupt_in transfer for 8188cu and 8192cu\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-04-16T00:09:31.135014715Z","published":"2021-07-22T07:08:00Z","upstream":["CVE-2021-33909","CVE-2021-3609","CVE-2021-3655"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0366.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29271"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.49"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.50"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.52"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2021/06/19/1"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2021/07/20/1"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.52-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0366.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.22-1.12.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0366.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18-1.12.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0366.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}