advisories/24775.adv

type: security
subject: Updated kernel-linus packages fixes security vulnerabilities
CVE:
 - CVE-2018-1000026
 - CVE-2019-3882
 - CVE-2019-7308
 - CVE-2019-9213
 - CVE-2019-11486
 - CVE-2019-11599
src:
  6:
   core:
     - kernel-linus-4.14.116-1.mga6
description: |
  This kernel-linus update is based on the upstream 4.14.116 and fixes
  atleast the following security issues:

  Linux Linux kernel version at least v4.8 onwards, probably well before
  contains a Insufficient input validation vulnerability in bnx2x network
  card driver that can result in DoS: Network card firmware assertion takes
  card off-line. This attack appear to be exploitable via An attacker on a
  must pass a very large, specially crafted packet to the bnx2x card.
  This can be done from an untrusted guest VM (CVE-2018-1000026)

  A flaw was found in the Linux kernel's vfio interface implementation that
  permits violation of the user's locked memory limit. If a device is bound
  to a vfio driver, such as vfio-pci, and the local attacker is
  administratively granted ownership of the device, it may cause a system
  memory exhaustion and thus a denial of service (DoS) (CVE-2019-3882).

  kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable
  out-of-bounds speculation on pointer arithmetic in various cases, including
  cases of different branches with different state or limits to sanitize,
  leading to side-channel attacks (CVE-2019-7308).

  In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks
  a check for the mmap minimum address, which makes it easier for attackers
  to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is
  related to a capability check for the wrong task (CVE-2019-9213).

  The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the
  Linux kernel before 5.0.8 has multiple race conditions (CVE-2019-11486).

  The coredump implementation in the Linux kernel before 5.0.10 does not use
  locking or other mechanisms to prevent vma layout or vma flags changes while
  it runs, which allows local users to obtain sensitive information, cause a
  denial of service, or possibly have unspecified other impact by triggering
  a race condition with mmget_not_zero or get_task_mm calls (CVE-2019-11599).

  It also fixes signal handling issues causing powertop to crash and some
  tracing tools to fail on execve tests.

  For other uptstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24775
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.101
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.102
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.103
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.104
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.106
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.107
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.108
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.109
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.110
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.111
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.113
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.115
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.116
1	tmb	8535	type: security
2			subject: Updated kernel-linus packages fixes security vulnerabilities
3			CVE:
4			- CVE-2018-1000026
5			- CVE-2019-3882
6			- CVE-2019-7308
7			- CVE-2019-9213
8			- CVE-2019-11486
9			- CVE-2019-11599
10			src:
11			6:
12			core:
13			- kernel-linus-4.14.116-1.mga6
14			description: \|
15			This kernel-linus update is based on the upstream 4.14.116 and fixes
16			atleast the following security issues:
17
18			Linux Linux kernel version at least v4.8 onwards, probably well before
19			contains a Insufficient input validation vulnerability in bnx2x network
20			card driver that can result in DoS: Network card firmware assertion takes
21			card off-line. This attack appear to be exploitable via An attacker on a
22			must pass a very large, specially crafted packet to the bnx2x card.
23			This can be done from an untrusted guest VM (CVE-2018-1000026)
24
25			A flaw was found in the Linux kernel's vfio interface implementation that
26			permits violation of the user's locked memory limit. If a device is bound
27			to a vfio driver, such as vfio-pci, and the local attacker is
28			administratively granted ownership of the device, it may cause a system
29			memory exhaustion and thus a denial of service (DoS) (CVE-2019-3882).
30
31			kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable
32			out-of-bounds speculation on pointer arithmetic in various cases, including
33			cases of different branches with different state or limits to sanitize,
34			leading to side-channel attacks (CVE-2019-7308).
35
36			In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks
37			a check for the mmap minimum address, which makes it easier for attackers
38			to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is
39			related to a capability check for the wrong task (CVE-2019-9213).
40
41			The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the
42			Linux kernel before 5.0.8 has multiple race conditions (CVE-2019-11486).
43
44			The coredump implementation in the Linux kernel before 5.0.10 does not use
45			locking or other mechanisms to prevent vma layout or vma flags changes while
46			it runs, which allows local users to obtain sensitive information, cause a
47			denial of service, or possibly have unspecified other impact by triggering
48			a race condition with mmget_not_zero or get_task_mm calls (CVE-2019-11599).
49
50			It also fixes signal handling issues causing powertop to crash and some
51			tracing tools to fail on execve tests.
52
53			For other uptstream fixes in this update, see the referenced changelogs.
54			references:
55			- https://bugs.mageia.org/show_bug.cgi?id=24775
56			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.101
57			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.102
58			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.103
59			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.104
60			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
61			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.106
62			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.107
63			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.108
64			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.109
65			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.110
66			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.111
67			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
68			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.113
69			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
70			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.115
71			- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.116