Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Mageia 6: MGASA-2019-0221 Moderate: Kernel Security Issues

mageia
Calendar Grey August 12, 2019
Dist Mageia Esm H88
Recent kernel updates address particular vulnerabilities and improve system security, essential for Mageia 6 users.
This kernel update is based on the upstream 4.14.137 and fixes atleast the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of sys...

Summary

This kernel update is based on the upstream 4.14.137 and fixes atleast the following security issues:
A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel (CVE-2019-1125).
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (CVE-2019-3846).
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario (CVE-2019-3900).
A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local acce...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=25239

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.132

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.133

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.135

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.136

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.137

- https://www.cve.org/CVERecord?id=CVE-2019-1125

- https://www.cve.org/CVERecord?id=CVE-2019-3846

- https://www.cve.org/CVERecord?id=CVE-2019-3900

- https://www.cve.org/CVERecord?id=CVE-2019-10207

Topics%20covered

Topics Covered

security advisory kernel update DoS memory corruption Mageia 6 Bluetooth flaw

Resolution

SRPMS

- 6/core/kernel-4.14.137-1.mga6

- 6/core/kernel-userspace-headers-4.14.137-1.mga6

- 6/core/kmod-vboxadditions-6.0.10-2.mga6

- 6/core/kmod-virtualbox-6.0.10-2.mga6

- 6/core/kmod-xtables-addons-2.13-90.mga6

- 6/core/wireguard-tools-0.0.20190702-1.mga6

Publication date: 12 Aug 2019
URL: https://advisories.mageia.org/MGASA-2019-0221.html
Type: security
CVE: CVE-2019-1125, CVE-2019-3846, CVE-2019-3900, CVE-2019-10207

Topics%20covered

Topics Covered

security advisory kernel update DoS memory corruption Mageia 6 Bluetooth flaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here