1 |
type: security |
2 |
subject: Updated kernel-linus packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2019-0155 |
5 |
- CVE-2019-1125 |
6 |
- CVE-2019-10207 |
7 |
- CVE-2019-11135 |
8 |
- CVE-2018-12207 |
9 |
- CVE-2019-14814 |
10 |
- CVE-2019-14815 |
11 |
- CVE-2019-14816 |
12 |
- CVE-2019-14821 |
13 |
- CVE-2019-14835 |
14 |
- CVE-2019-16714 |
15 |
- CVE-2019-17666 |
16 |
src: |
17 |
7: |
18 |
core: |
19 |
- kernel-linus-5.3.11-1.mga7 |
20 |
description: | |
21 |
This kernel-linus update is based on the upstream 5.3.13 and fixes atleast |
22 |
the following security issues: |
23 |
|
24 |
Insufficient access control in a subsystem for Intel (R) processor graphics |
25 |
may allow an authenticated user to potentially enable escalation of |
26 |
privilege via local access (CVE-2019-0155). |
27 |
|
28 |
A Spectre SWAPGS gadget was found in the Linux kernel's implementation of |
29 |
system interrupts. An attacker with local access could use this information |
30 |
to reveal private data through a Spectre like side channel (CVE-2019-1125). |
31 |
|
32 |
A flaw was found in the Linux kernel’s Bluetooth implementation of UART. |
33 |
An attacker with local access and write permissions to the Bluetooth |
34 |
hardware could use this flaw to issue a specially crafted ioctl function |
35 |
call and cause the system to crash (CVE-2019-10207). |
36 |
|
37 |
TSX Asynchronous Abort condition on some CPUs utilizing speculative |
38 |
execution may allow an authenticated user to potentially enable |
39 |
information disclosure via a side channel with local access |
40 |
(CVE-2019-11135). |
41 |
|
42 |
Improper invalidation for page table updates by a virtual guest operating |
43 |
system for multiple Intel(R) Processors may allow an authenticated user to |
44 |
potentially enable denial of service of the host system via local access |
45 |
(CVE-2018-12207). |
46 |
|
47 |
For proper mitigations and fixes for theese issues, a microcode update is |
48 |
also needed, either with a bios/uefi update from your hardware vendor or |
49 |
by installing the microcode-0.20191112-1.mga7.nonfree update (mga#25688). |
50 |
|
51 |
There is heap-based buffer overflow in the marvell wifi chip driver that |
52 |
allows local users to cause a denial of service(system crash) or possibly |
53 |
execute arbitrary code (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816). |
54 |
|
55 |
An out-of-bounds access issue was found in the way Linux kernel's KVM |
56 |
hypervisor implements the Coalesced MMIO write operation. It operates on |
57 |
an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write |
58 |
indices 'ring->first' and 'ring->last' value could be supplied by a host |
59 |
user-space process. An unprivileged host user or process with access to |
60 |
'/dev/kvm' device could use this flaw to crash the host kernel, resulting |
61 |
in a denial of service or potentially escalating privileges on the system |
62 |
(CVE-2019-14821). |
63 |
|
64 |
A buffer overflow flaw was found in the way Linux kernel's vhost |
65 |
functionality that translates virtqueue buffers to IOVs, logged the buffer |
66 |
descriptors during migration. A privileged guest user able to pass |
67 |
descriptors with invalid length to the host when migration is underway, |
68 |
could use this flaw to increase their privileges on the host |
69 |
(CVE-2019-14835). |
70 |
|
71 |
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c |
72 |
allows attackers to obtain sensitive information from kernel stack memory |
73 |
because tos and flags fields are not initialized (CVE-2019-16714) |
74 |
|
75 |
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux |
76 |
kernel through 5.3.6 lacks a certain upper-bound check, leading to a |
77 |
buffer overflow (CVE-2019-17666) |
78 |
|
79 |
For other upstream fixes in this update, see the referenced changelogs. |
80 |
references: |
81 |
- https://bugs.mageia.org/show_bug.cgi?id=25687 |
82 |
- https://bugs.mageia.org/show_bug.cgi?id=25688 |
83 |
- https://kernelnewbies.org/Linux_5.2 |
84 |
- https://kernelnewbies.org/Linux_5.3 |
85 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.1 |
86 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.2 |
87 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.3 |
88 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 |
89 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 |
90 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6 |
91 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7 |
92 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8 |
93 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 |
94 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10 |
95 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 |
96 |
ID: MGASA-2019-0333 |