advisories/25686.adv

type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2019-0155
 - CVE-2019-11135
 - CVE-2018-12207
src:
  7:
   core:
     - kernel-5.3.11-1.mga7
     - kmod-virtualbox-6.0.14-6.mga7
     - kmod-xtables-addons-3.5-9.mga7
description: |
  This kernel update is based on the upstream 5.3.13 and fixes atleast the 
  following security issues:

  Insufficient access control in a subsystem for Intel (R) processor graphics
  may allow an authenticated user to potentially enable escalation of
  privilege via local access (CVE-2019-0155).

  TSX Asynchronous Abort condition on some CPUs utilizing speculative
  execution may allow an authenticated user to potentially enable
  information disclosure via a side channel with local access
  (CVE-2019-11135).

  Improper invalidation for page table updates by a virtual guest operating
  system for multiple Intel(R) Processors may allow an authenticated user to
  potentially enable denial of service of the host system via local access
  (CVE-2018-12207). 

  For proper mitigations and fixes for theese issues, a microcode update is
  also needed, either with a bios/uefi update from your hardware vendor or
  by installing the microcode-0.20191112-1.mga7.nonfree update (mga#25688).

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25686
 - https://bugs.mageia.org/show_bug.cgi?id=25688
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
ID: MGASA-2019-0332
1	type: security
2	subject: Updated kernel packages fix security vulnerabilities
3	CVE:
4	- CVE-2019-0155
5	- CVE-2019-11135
6	- CVE-2018-12207
7	src:
8	7:
9	core:
10	- kernel-5.3.11-1.mga7
11	- kmod-virtualbox-6.0.14-6.mga7
12	- kmod-xtables-addons-3.5-9.mga7
13	description: \|
14	This kernel update is based on the upstream 5.3.13 and fixes atleast the
15	following security issues:
16
17	Insufficient access control in a subsystem for Intel (R) processor graphics
18	may allow an authenticated user to potentially enable escalation of
19	privilege via local access (CVE-2019-0155).
20
21	TSX Asynchronous Abort condition on some CPUs utilizing speculative
22	execution may allow an authenticated user to potentially enable
23	information disclosure via a side channel with local access
24	(CVE-2019-11135).
25
26	Improper invalidation for page table updates by a virtual guest operating
27	system for multiple Intel(R) Processors may allow an authenticated user to
28	potentially enable denial of service of the host system via local access
29	(CVE-2018-12207).
30
31	For proper mitigations and fixes for theese issues, a microcode update is
32	also needed, either with a bios/uefi update from your hardware vendor or
33	by installing the microcode-0.20191112-1.mga7.nonfree update (mga#25688).
34
35	For other upstream fixes in this update, see the referenced changelogs.
36	references:
37	- https://bugs.mageia.org/show_bug.cgi?id=25686
38	- https://bugs.mageia.org/show_bug.cgi?id=25688
39	- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8
40	- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
41	- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10
42	- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
43	ID: MGASA-2019-0332