Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Mageia: 2019-0097 Critical: Kernel Update Addresses Multiple Threats

mageia
Calendar Grey February 21, 2019
Dist Mageia Esm H88
The kernel software patch MGASA-2019-0098 resolves several vulnerabilities to improve system performance and robustness.
This kernel update is based on the upstream 4.14.100 and fixes atleast the following security issues: A use-after-free issue was found in the way the Linux kernel's KVM hypervisor...

Summary

This kernel update is based on the upstream 4.14.100 and fixes atleast the following security issues:
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system (CVE-2018-16882).
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=24331

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.90

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.91

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.92

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.94

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.95

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.96

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.97

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.98

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.100

- https://www.cve.org/CVERecord?id=CVE-2018-16882

- https://www.cve.org/CVERecord?id=CVE-2018-16884

- https://www.cve.org/CVERecord?id=CVE-2018-19985

- https://www.cve.org/CVERecord?id=CVE-2019-3701

- https://www.cve.org/CVERecord?id=CVE-2019-3819

- https://www.cve.org/CVERecord?id=CVE-2019-6974

- https://www.cve.org/CVERecord?id=CVE-2019-7221

- https://www.cve.org/CVERecord?id=CVE-2019-7222

Topics%20covered

Topics Covered

security advisory privilege escalation DoS kernel system update use-after-free Mageia

Resolution

SRPMS

- 6/core/kernel-4.14.100-1.mga6

- 6/core/kernel-userspace-headers-4.14.100-1.mga6

- 6/core/kmod-vboxadditions-5.2.24-4.mga6

- 6/core/kmod-virtualbox-5.2.24-4.mga6

- 6/core/kmod-xtables-addons-2.13-78.mga6

- 6/core/ndiswrapper-1.62-1.mga6

- 6/core/wireguard-tools-0.0.20190123-1.mga6

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 20 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0097.html
Type: security
CVE: CVE-2018-16882, CVE-2018-16884, CVE-2018-19985, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222

Topics%20covered

Topics Covered

security advisory privilege escalation DoS kernel system update use-after-free Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here