{"id":"MGASA-2021-0508","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.10.78 and fixes at least\nthe following security issues:\n\nA use-after-free vulnerability in the NFC stack can lead to a threat to\nconfidentiality, integrity, and system availability (CVE-2021-3760).\n\nA flaw in the SCTP stack where a blind attacker may be able to kill an\nexisting SCTP association through invalid chunks if the attacker knows\nthe IP-addresses and port numbers being used and the attacker can send\npackets with spoofed IP addresses (CVE-2021-3772).\n\nA flaw heap buffer overflow in the Linux kernel's AMD Radeon graphics\ncard driver was found in the way user writes some malicious data to the\nAMD GPU Display Driver Debug Filesystem (to the VGA sub-directory of the\n/sys/kernel/debug/ directory). A local user could use this flaw to crash\nthe system or escalate their privileges on the system (CVE-2021-42327).\n\nThe firewire subsystem in the Linux kernel through 5.14.13 has a buffer\noverflow related to drivers/media/firewire/firedtv-avc.c and\ndrivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles\nbounds checking (CVE-2021-42739).\n\nA flaw was discovered in the cryptographic receive code in the Linux\nkernel's implementation of transparent interprocess communication. An\nattacker, with the ability to send TIPC messages to the target, can\ncorrupt memory and escalate privileges on the target system\n(CVE-2021-43267).\n\nAn issue was discovered in the Linux kernel before 5.14.15. There is an\narray-index-out-of-bounds flaw in the detach_capi_ctr function in\ndrivers/isdn/capi/kcapi.c (CVE-2021-43389).\n\nFor other upstream fixes, see the referenced changelogs. \n","modified":"2026-02-01T01:27:31.137640Z","published":"2021-11-11T15:02:40Z","related":["CVE-2021-3760","CVE-2021-3772","CVE-2021-42327","CVE-2021-42739","CVE-2021-43267","CVE-2021-43389"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0508.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29629"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.76"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.77"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.78"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.78-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0508.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}