{"id":"MGASA-2021-0460","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.10.70 and fixes at least\nthe following security issues:\n\nUse-after-free vulnerability in the Linux kernel exploitable by a local\nattacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid\nobject as a listener after being released (CVE-2020-16119).\n\nA race condition was discovered in ext4_write_inline_data_end in\nfs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13\n(CVE-2021-40490).\n\noop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows\nlocal users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger\na free of a kernel buffer, as demonstrated by using /proc/\u003cpid\u003e/maps for\nexploitation (CVE-2021-41073).\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-04-16T00:08:51.453569588Z","published":"2021-10-04T16:42:18Z","upstream":["CVE-2020-16119","CVE-2021-40490","CVE-2021-41073"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0460.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29508"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.63"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.64"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.65"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.66"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.67"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.68"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.69"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.70"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.70-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0460.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}