1 |
type: security |
2 |
subject: Updated kernel packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2019-19768 |
5 |
- CVE-2020-8647 |
6 |
- CVE-2020-8648 |
7 |
- CVE-2020-8649 |
8 |
- CVE-2020-9383 |
9 |
- CVE-2020-9391 |
10 |
src: |
11 |
7: |
12 |
core: |
13 |
- kernel-5.5.9-1.mga7 |
14 |
- kmod-virtualbox-6.0.18-5.mga7 |
15 |
- kmod-xtables-addons-3.8-5.mga7 |
16 |
description: | |
17 |
This update is based on upstream 5.5.9 and fixes atleast the following |
18 |
security vulnerabilities: |
19 |
|
20 |
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the |
21 |
__blk_add_trace function in kernel/trace/blktrace.c (which is used to |
22 |
fill out a blk_io_trace structure and place it in a per-cpu sub-buffer) |
23 |
(CVE-2019-19768). |
24 |
|
25 |
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 |
26 |
in the vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647). |
27 |
|
28 |
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 |
29 |
in the n_tty_receive_buf_common function in drivers/tty/n_tty.c |
30 |
(CVE-2020-8648). |
31 |
|
32 |
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 |
33 |
in the vgacon_invert_region function in drivers/video/console/vgacon.c. |
34 |
(CVE-2020-8649). |
35 |
|
36 |
An issue was discovered in the Linux kernel through 5.5.6. set_fdc in |
37 |
drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read |
38 |
because the FDC index is not checked for errors before assigning it, |
39 |
aka CID-2e90ca68b0d2 (CVE-2020-9383). |
40 |
|
41 |
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 |
42 |
on the AArch64 architecture. It ignores the top byte in the address |
43 |
passed to the brk system call, potentially moving the memory break |
44 |
downwards when the application expects it to move upwards, aka CID- |
45 |
dcde237319e6. This has been observed to cause heap corruption with |
46 |
the GNU C Library malloc implementation (CVE-2020-9391). |
47 |
|
48 |
Other notable changes in this update: |
49 |
- kernel is built with the updated gcc-8.4.0, thus fixing the issue |
50 |
with nvidia drivers complaining about gcc mismatch and failing the |
51 |
dkms-nvidia* builds. |
52 |
- ahci: Add Intel Comet Lake H RAID PCI ID |
53 |
- update Amd Sensor Fusion Hub driver to v4 |
54 |
- replace staging exfat driver with new upstream exfat driver |
55 |
- update rtl8812au driver for more hw support (mga#26178) |
56 |
- fscrypt: don't evict dirty inodes after removing key |
57 |
references: |
58 |
- https://bugs.mageia.org/show_bug.cgi?id=26331 |
59 |
- https://bugs.mageia.org/show_bug.cgi?id=26178 |
60 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7 |
61 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8 |
62 |
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9 |
63 |
ID: MGASA-2020-0140 |