{"id":"MGASA-2021-0539","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.15.6 and fixes at least the\nfollowing security issues:\n\nA vulnerability was found in Linux kernel, where a use-after-frees in\nnouveau's postclose() handler could happen if removing device (that is\nnot common to remove video card physically without power-off, but same\nhappens if \"unbind\" the driver) (CVE-2020-27820).\n\nA race condition when the eBPF map is frozen (CVE-2021-4001).\n\nA memory leak flaw in the Linux kernel's hugetlbfs memory usage was found\nin the way the user maps some regions of memory twice using shmget() which\nare aligned to PUD alignment with the fault of some of the memory pages.\nA local user could use this flaw to get unauthorized access to some data\n(CVE-2021-4002).\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-01-31T13:01:57.165934Z","published":"2021-12-05T19:06:44Z","related":["CVE-2020-27820","CVE-2021-4001","CVE-2021-4002"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0539.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29716"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.5"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.6"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.6-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0539.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}