
Mageia: 2019-0170 Critical Kernel Update Addresses Multiple Issues

May 12, 2019

Summary

This kernel update is based on the upstream 4.14.116 and fixes at least the following security issues:
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (CVE-2019-3882).
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (CVE-2019-7308).
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions (CVE-2019-11486).
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layou...

References

- https://bugs.mageia.org/show_bug.cgi?id=24773

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.107

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.108

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.109

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.110

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.111

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.113

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.115

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.116

- https://www.cve.org/CVERecord?id=CVE-2019-3882

- https://www.cve.org/CVERecord?id=CVE-2019-7308

- https://www.cve.org/CVERecord?id=CVE-2019-11486

- https://www.cve.org/CVERecord?id=CVE-2019-11599

Resolution

SRPMS

- 6/core/kernel-4.14.116-1.mga6

- 6/core/kernel-userspace-headers-4.14.116-1.mga6

- 6/core/kmod-vboxadditions-6.0.6-2.mga6

- 6/core/kmod-virtualbox-6.0.6-2.mga6

- 6/core/kmod-xtables-addons-2.13-84.mga6

- 6/core/wireguard-tools-0.0.20190406-1.mga6

Severity
critical

Publication date: 12 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0170.html
Type: security
CVE: CVE-2019-3882, CVE-2019-7308, CVE-2019-11486, CVE-2019-11599
