/[advisories]/24775.adv
ViewVC logotype

Contents of /24775.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 8545 - (show annotations) (download)
Thu May 16 07:49:09 2019 UTC (4 weeks, 6 days ago) by tmb
File size: 6322 byte(s)
MGASA-2019-0172: kernel-linus-4.14.119-1.mga6
1 type: security
2 subject: Updated kernel-linus packages fixes security vulnerabilities
3 CVE:
4 - CVE-2018-12126
5 - CVE-2018-12127
6 - CVE-2018-12130
7 - CVE-2018-1000026
8 - CVE-2019-3882
9 - CVE-2019-7308
10 - CVE-2019-9213
11 - CVE-2019-11091
12 - CVE-2019-11486
13 - CVE-2019-11599
14 src:
15 6:
16 core:
17 - kernel-linus-4.14.119-1.mga6
18 description: |
19 This kernel update provides the upstream 4.14.119 that adds the kernel side
20 mitigations for the Microarchitectural Data Sampling (MDS, also called
21 ZombieLoad attack) vulnerabilities in Intel processors that can allow
22 attackers to retrieve data being processed inside a CPU. To complete the
23 mitigations new microcode is also needed, either by installing the
24 microcode-0.20190514-1.mga6 package, or get an updated bios / uefi
25 firmware from the motherboard vendor.
26
27 The fixed / mitigated issues are:
28
29 Modern Intel microprocessors implement hardware-level micro-optimizations
30 to improve the performance of writing data back to CPU caches. The write
31 operation is split into STA (STore Address) and STD (STore Data)
32 sub-operations. These sub-operations allow the processor to hand-off
33 address generation logic into these sub-operations for optimized writes.
34 Both of these sub-operations write to a shared distributed processor
35 structure called the 'processor store buffer'. As a result, an
36 unprivileged attacker could use this flaw to read private data resident
37 within the CPU's processor store buffer. (CVE-2018-12126)
38
39 Microprocessors use a ‘load port’ subcomponent to perform load operations
40 from memory or IO. During a load operation, the load port receives data
41 from the memory or IO subsystem and then provides the data to the CPU
42 registers and operations in the CPU’s pipelines. Stale load operations
43 results are stored in the 'load port' table until overwritten by newer
44 operations. Certain load-port operations triggered by an attacker can be
45 used to reveal data about previous stale requests leaking data back to the
46 attacker via a timing side-channel. (CVE-2018-12127)
47
48 A flaw was found in the implementation of the "fill buffer", a mechanism
49 used by modern CPUs when a cache-miss is made on L1 CPU cache. If an
50 attacker can generate a load operation that would create a page fault,
51 the execution will continue speculatively with incorrect data from the
52 fill buffer while the data is fetched from higher level caches. This
53 response time can be measured to infer data in the fill buffer.
54 (CVE-2018-12130)
55
56 Uncacheable memory on some microprocessors utilizing speculative execution
57 may allow an authenticated user to potentially enable information disclosure
58 via a side channel with local access. (CVE-2019-11091)
59
60
61 It also fixes atleast the following security issues:
62
63 Linux Linux kernel version at least v4.8 onwards, probably well before
64 contains a Insufficient input validation vulnerability in bnx2x network
65 card driver that can result in DoS: Network card firmware assertion takes
66 card off-line. This attack appear to be exploitable via An attacker on a
67 must pass a very large, specially crafted packet to the bnx2x card.
68 This can be done from an untrusted guest VM (CVE-2018-1000026)
69
70 A flaw was found in the Linux kernel's vfio interface implementation that
71 permits violation of the user's locked memory limit. If a device is bound
72 to a vfio driver, such as vfio-pci, and the local attacker is
73 administratively granted ownership of the device, it may cause a system
74 memory exhaustion and thus a denial of service (DoS) (CVE-2019-3882).
75
76 kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable
77 out-of-bounds speculation on pointer arithmetic in various cases, including
78 cases of different branches with different state or limits to sanitize,
79 leading to side-channel attacks (CVE-2019-7308).
80
81 In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks
82 a check for the mmap minimum address, which makes it easier for attackers
83 to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is
84 related to a capability check for the wrong task (CVE-2019-9213).
85
86 The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the
87 Linux kernel before 5.0.8 has multiple race conditions (CVE-2019-11486).
88
89 The coredump implementation in the Linux kernel before 5.0.10 does not use
90 locking or other mechanisms to prevent vma layout or vma flags changes while
91 it runs, which allows local users to obtain sensitive information, cause a
92 denial of service, or possibly have unspecified other impact by triggering
93 a race condition with mmget_not_zero or get_task_mm calls (CVE-2019-11599).
94
95 It also fixes signal handling issues causing powertop to crash and some
96 tracing tools to fail on execve tests.
97
98 For other uptstream fixes in this update, see the referenced changelogs.
99 references:
100 - https://bugs.mageia.org/show_bug.cgi?id=24775
101 - https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
102 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.101
103 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.102
104 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.103
105 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.104
106 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
107 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.106
108 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.107
109 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.108
110 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.109
111 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.110
112 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.111
113 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
114 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.113
115 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
116 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.115
117 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.116
118 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.117
119 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.118
120 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.119
121 ID: MGASA-2019-0172

  ViewVC Help
Powered by ViewVC 1.1.26