MGASA-2019-0120

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2019-9213

Published: 29 Mar 2019, 15:51

Last modified:16 Apr 2026, 04:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Mar 2019, 15:51

Published

Vulnerability first disclosed

16 Apr 2026, 04:26

Last Modified

Vulnerability information updated

Description

Updated kernel packages fix security vulnerability This kernel update is based on the upstream 4.14.106 and fixes at least the following security issue: In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (CVE-2019-9213). It also adds a preparatory fix for Skylake systems that will receive a microcode update at a later date to address a TSX errata. WireGuard has been updated to 0.0.20190227. For other uptstream fixes in this update, see the referenced changelogs.

Affected Systems

mageia•kernel
< 4.14.106-1.mga6
mageia•kernel-userspace-headers
< 4.14.106-1.mga6
mageia•kmod-vboxadditions
< 5.2.24-9.mga6
mageia•kmod-virtualbox
< 5.2.24-9.mga6
mageia•kmod-xtables-addons
< 2.13-83.mga6
mageia•wireguard-tools
< 0.0.20190227-1.mga6

MGASA-2019-0120

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)