advisories/23586.adv

type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2018-5391
 - CVE-2018-14641
 - CVE-2018-17182
src:
  6:
   core:
     - kernel-4.14.70-2.mga6
     - kernel-userspace-headers-4.14.70-2.mga6
     - kmod-vboxadditions-5.2.18-6.mga6
     - kmod-virtualbox-5.2.18-6.mga6
     - kmod-xtables-addons-2.13-66.mga6
description: |
  This kernel update is based on the upstream 4.14.70 and adds additional
  fixes for the L1TF security issues. It also fixes atleast the following
  security issues:

  Linux kernel from versions 3.9 and up, is vulnerable to a denial of
  service attack with low rates of specially modified packets targeting IP
  fragment re-assembly. An attacker may cause a denial of service condition
  by sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack).

  A security flaw was found in the ip_frag_reasm() function in
  net/ipv4/ip_fragment.c in the Linux kernel caused by fixes for
  CVE-2018-5391, which can cause a later system crash in ip_do_fragment().
  With certain non-default, but non-rare, configuration of a victim host,
  an attacker can trigger this crash remotely, thus leading to a remote
  denial-of-service (CVE-2018-14641).

  An issue was discovered in the Linux kernel through 4.18.8. The
  vmacache_flush_all function in mm/vmacache.c mishandles sequence number
  overflows. An attacker can trigger a use-after-free (and possibly gain
  privileges) via certain thread creation, map, unmap, invalidation, and
  dereference operations (CVE-2018-17182).

  Other fixes in this update:
  * drm: fix use of freed memory in drm_mode_setcrtc
  * drm/i915: Apply the GTT write flush for all !llc machines
  * net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC
    (fixes a kernel crash)
  * pinctrl/amd: only handle irq if it is pending and unmasked
    (possible real fix for the interrupt storm on Ryzen platform)

  For other uptstream fixes in this update, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23586
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.70
ID: MGASA-2018-0391
1	type: security
2	subject: Updated kernel packages fix security vulnerabilities
3	CVE:
4	- CVE-2018-5391
5	- CVE-2018-14641
6	- CVE-2018-17182
7	src:
8	6:
9	core:
10	- kernel-4.14.70-2.mga6
11	- kernel-userspace-headers-4.14.70-2.mga6
12	- kmod-vboxadditions-5.2.18-6.mga6
13	- kmod-virtualbox-5.2.18-6.mga6
14	- kmod-xtables-addons-2.13-66.mga6
15	description: \|
16	This kernel update is based on the upstream 4.14.70 and adds additional
17	fixes for the L1TF security issues. It also fixes atleast the following
18	security issues:
19
20	Linux kernel from versions 3.9 and up, is vulnerable to a denial of
21	service attack with low rates of specially modified packets targeting IP
22	fragment re-assembly. An attacker may cause a denial of service condition
23	by sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack).
24
25	A security flaw was found in the ip_frag_reasm() function in
26	net/ipv4/ip_fragment.c in the Linux kernel caused by fixes for
27	CVE-2018-5391, which can cause a later system crash in ip_do_fragment().
28	With certain non-default, but non-rare, configuration of a victim host,
29	an attacker can trigger this crash remotely, thus leading to a remote
30	denial-of-service (CVE-2018-14641).
31
32	An issue was discovered in the Linux kernel through 4.18.8. The
33	vmacache_flush_all function in mm/vmacache.c mishandles sequence number
34	overflows. An attacker can trigger a use-after-free (and possibly gain
35	privileges) via certain thread creation, map, unmap, invalidation, and
36	dereference operations (CVE-2018-17182).
37
38	Other fixes in this update:
39	* drm: fix use of freed memory in drm_mode_setcrtc
40	* drm/i915: Apply the GTT write flush for all !llc machines
41	* net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC
42	(fixes a kernel crash)
43	* pinctrl/amd: only handle irq if it is pending and unmasked
44	(possible real fix for the interrupt storm on Ryzen platform)
45
46	For other uptstream fixes in this update, see the referenced changelog.
47	references:
48	- https://bugs.mageia.org/show_bug.cgi?id=23586
49	- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.70
50	ID: MGASA-2018-0391