MGASA-2019-0221
Vulnerability Summary
Timeline
Description
Updated kernel packages fix security vulnerabilities This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel (CVE-2019-1125). A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (CVE-2019-3846). An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario (CVE-2019-3900). A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash (CVE-2019-10207). WireGuard has been updated to 0.0.20190702. For other uptstream fixes in this update, see the referenced changelogs.
Affected Systems
- mageia•kernel
< 4.14.137-1.mga6
- mageia•kernel-userspace-headers
< 4.14.137-1.mga6
- mageia•kmod-vboxadditions
< 6.0.10-2.mga6
- mageia•kmod-virtualbox
< 6.0.10-2.mga6
- mageia•kmod-xtables-addons
< 2.13-90.mga6
- mageia•wireguard-tools
< 0.0.20190702-1.mga6
References (8)
- https://advisories.mageia.org/MGASA-2019-0221.html
- https://bugs.mageia.org/show_bug.cgi?id=25239
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.132
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.133
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.135
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.136
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.137