MGASA-2018-0249
Vulnerability Summary
Timeline
Description
Updated kernel packages fix security vulnerabilities This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues: On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a #DB instruction was caused by the undocumented ICEBP instruction. This results in #DB being delivered to the guest kernel with an incorrect RIP on the stack. On most guest kernels, this will allow a guest user to DoS the guest kernel or even to escalate privilege to that of the guest kernel (CVE-2018-1087). The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (CVE-2018-1092). The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (CVE-2018-1093). The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (CVE-2018-1094). The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image (CVE-2018-1095). Predictable Random Number Generator Weakness (CVE-2018-1108). A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel before v4.16-rc7 allows a local user to cause a denial of service by a number of certain crafted system calls (CVE-2018-1130). The Linux kernel does not properly handle debug exceptions delivered after a stack switch operation via mov SS or pop SS instructions. During the stack switch operation, the exceptions are deferred. As a result, a local user can cause the kernel to crash (CVE-2018-8897). WireGuard has been updated to 0.0.20180420. For other fixes in this update, see the referenced changelogs.
Affected Systems
- mageia•kernel
< 4.14.40-1.mga6
- mageia•kernel-userspace-headers
< 4.14.40-1.mga6
- mageia•kmod-vboxadditions
< 5.2.8-14.mga6
- mageia•kmod-virtualbox
< 5.2.8-14.mga6
- mageia•kmod-xtables-addons
< 2.13-34.mga6
- mageia•wireguard-tools
< 0.0.20180420-1.mga6
References (12)
- https://advisories.mageia.org/MGASA-2018-0249.html
- https://bugs.mageia.org/show_bug.cgi?id=22909
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.31
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.32
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.33
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.34
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.35
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.36
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.37
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.38
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.39
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.40