{"id":"MGASA-2021-0398","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.10.56 and fixes at least\nthe following security issues:\n\nIn the Linux kernel through 5.13.7, an unprivileged BPF program can\nobtain sensitive information from kernel memory via a Speculative Store\nBypass side-channel attack because the protection mechanism neglects the\npossibility of uninitialized memory locations on the BPF stack\n(CVE-2021-34556).\n\nIn the Linux kernel through 5.13.7, an unprivileged BPF program can\nobtain sensitive information from kernel memory via a Speculative Store\nBypass side-channel attack because a certain preempting store operation\ndoes not necessarily occur before a store operation that has an\nattacker-controlled value (CVE-2021-35477).\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-02-02T03:22:07.341009Z","published":"2021-08-07T09:31:15Z","related":["CVE-2021-34556","CVE-2021-35477"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0398.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29313"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.53"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.54"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.55"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.56"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.56-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0398.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}