[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2020-0073":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":29,"modified_at":30,"state":9,"summary":31,"references_raw":33,"kevs":70,"epss":9,"epss_history":71,"metrics":72,"affected":73},"MGASA-2020-0073","Updated kernel packages fix security vulnerabilities\n\nThis update is based on upstream 5.4.17 and fixes at least the following\nsecurity vulnerabilities:\n\nIn a Linux KVM guest that has PV TLB enabled, a process in the guest kernel\nmay be able to read memory locations from another process in the same guest.\nThis problem is limit to the host running linux kernel 4.10 with a guest\nrunning linux kernel 4.16 or later. The problem mainly affects AMD\nprocessors but Intel CPUs cannot be ruled out (CVE-2019-3016).\n\nA heap-based buffer overflow vulnerability was found in the Linux kernel,\nin Marvell WiFi chip driver. A remote attacker could cause a denial of\nservice (system crash) or, possibly execute arbitrary code, when the\nlbs_ibss_join_existing function is called after a STA connects to an AP\n(CVE-2019-14896).\n\nA stack-based buffer overflow was found in the Linux kernel, in Marvell\nWiFi chip driver. An attacker is able to cause a denial of service\n(system crash) or, possibly execute arbitrary code, when a STA works in\nIBSS mode (allows connecting stations together without the use of an AP)\nand connects to another STA (CVE-2019-14897).\n\nfs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky\nuse-after-free, which allows local users to cause a denial of service\n(OOPS) or possibly obtain sensitive information from kernel memory, aka\nCID-d0cb50185ae9. One attack vector may be an open system call for a UNIX\ndomain socket, if the socket is being moved to a new parent directory and\nits old parent directory is being removed (CVE-2020-8428).\n\narm64/KVM debug registers vulnerability affecting systems with an ARMv8.1\nor later CPU (with the Virtualisation Host Extensions). The implications\nare that a guest, for a brief period, may be able to read event counters\nbelonging to the host or potentially trigger perf-related IRQs in the host\n(no CVE assigned yet).\n\nThere is also various fixes for crashing or hanging the kernel by malicious\nusers or devices.\n\nOther additional fixes and features in this update:\n\n- WireGuard kernel module has been updated to 0.0.20200128 and the tools\n  has been updated to 1.0.20200121.\n\n- platform/x86: asus_wmi: Support throttle thermal policy, and set to\n  default to avoid overheating and throttling\n\n- hwmon/k10temp: Support for additional temperature sensors as well as\n  voltage and current telemetry for Zen CPUs\n\n- hid: add Amd Sensor Fusion Hub Driver\n\n- e1000e: Revert \"e1000e: Make watchdog use delayed work\" as it causes\n  issues on some systems\n- e1000e: Add support for Comet Lake and Tiger Lake\n\n- x86/timer: Don't skip PIT setup when APIC is disabled or in legacy mode\n  (fixing PIT not being setup on some systems)\n\n- cifs: fix soft mounts hanging in the reconnect code\n\n- move kernel preun bits to postun to fix grub2 menu cleanup on kernel\n  uninstall (mga#16268)\n\nFor other upstream fixes in this update, see the referenced changelogs.\n",null,[],[],[],[14,16,18,20],{"_key":15},"CVE-2019-3016",{"_key":17},"CVE-2019-14896",{"_key":19},"CVE-2019-14897",{"_key":21},"CVE-2020-8428",[],[],[25,26,27,28],{"_key":17},{"_key":19},{"_key":15},{"_key":21},"2020-02-04T11:07:12Z","2026-04-16T04:26:03.170801Z",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[34,40,45,49,54,58,62,66],{"url":35,"sources":36,"tags":38},"https://advisories.mageia.org/MGASA-2020-0073.html",[37],"osv_mageia",[39],"Advisory",{"url":41,"sources":42,"tags":43},"https://bugs.mageia.org/show_bug.cgi?id=26152",[37],[44],"REPORT",{"url":46,"sources":47,"tags":48},"https://bugs.mageia.org/show_bug.cgi?id=16268",[37],[44],{"url":50,"sources":51,"tags":52},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.13",[37],[44,53],"WEB",{"url":55,"sources":56,"tags":57},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14",[37],[44,53],{"url":59,"sources":60,"tags":61},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.15",[37],[44,53],{"url":63,"sources":64,"tags":65},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16",[37],[44,53],{"url":67,"sources":68,"tags":69},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17",[37],[44,53],[],[],[],[74,86,92,98],{"ecosystem":75,"name":76,"vendor":77,"product":76,"cpe_part":9,"purl_type":78,"purl_namespace":77,"purl_name":76,"source":9,"versions":79},"Mageia","kernel","mageia","rpm",[80],{"version":81,"is_range":82,"range_type":83,"version_start":9,"version_start_type":9,"version_end":84,"version_end_type":85,"fixed_in":9},"lt5_4_17_1_mga7",true,"ecosystem","5.4.17-1.mga7","excluding",{"ecosystem":75,"name":87,"vendor":77,"product":87,"cpe_part":9,"purl_type":78,"purl_namespace":77,"purl_name":87,"source":9,"versions":88},"kmod-virtualbox",[89],{"version":90,"is_range":82,"range_type":83,"version_start":9,"version_start_type":9,"version_end":91,"version_end_type":85,"fixed_in":9},"lt6_0_16_3_mga7","6.0.16-3.mga7",{"ecosystem":75,"name":93,"vendor":77,"product":93,"cpe_part":9,"purl_type":78,"purl_namespace":77,"purl_name":93,"source":9,"versions":94},"kmod-xtables-addons",[95],{"version":96,"is_range":82,"range_type":83,"version_start":9,"version_start_type":9,"version_end":97,"version_end_type":85,"fixed_in":9},"lt3_7_13_mga7","3.7-13.mga7",{"ecosystem":75,"name":99,"vendor":77,"product":99,"cpe_part":9,"purl_type":78,"purl_namespace":77,"purl_name":99,"source":9,"versions":100},"wireguard-tools",[101],{"version":102,"is_range":82,"range_type":83,"version_start":9,"version_start_type":9,"version_end":103,"version_end_type":85,"fixed_in":9},"lt1_0_20200121_1_mga7","1.0.20200121-1.mga7"]