
Mageia: 2019-0287 Moderate: Kernel Update Fixes Multiple Security Issues

September 21, 2019
The kernel patch MGASA-2019-0287 addresses several security vulnerabilities, such as potential buffer overflows and risks associated with privilege escalation.

Summary

This kernel update is based on upstream 4.14.145 and fixes at least the following security issues:
There is a heap-based buffer overflow in the Marvell wifi chip driver that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816).
An out-of-bounds access issue was found in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein the write indices 'ring->first' and 'ring->last' could be supplied by a host user-space process. An unprivileged host user or process with access to the '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (CVE-2019-14821).
A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors...
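The Coalesced MMIO issue above (CVE-2019-14821) belongs to a class of bug where a ring index lives in memory that another party can write. The following is an added illustration of the defensive pattern for that class, not kernel code and not part of the advisory; `shared_ring`, `ring_push` and `RING_MAX` are hypothetical names, and the ring size is an assumed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_MAX 8u /* assumed capacity, for illustration only */

struct mmio_entry { uint64_t addr; uint32_t len; uint8_t data[8]; };

/* Ring shared with an untrusted writer: 'first' and 'last' may hold any value. */
struct shared_ring {
    uint32_t first, last;
    struct mmio_entry slot[RING_MAX];
};

/* Append one entry. Returns 0 on success, -1 if the request is rejected. */
int ring_push(struct shared_ring *ring, uint64_t addr, const void *val, uint32_t len)
{
    /* Read each shared index once, so the check and the use see the same value. */
    uint32_t insert = *(volatile uint32_t *)&ring->last;
    uint32_t first = *(volatile uint32_t *)&ring->first;

    if (insert >= RING_MAX)                          /* index outside the array */
        return -1;
    if ((insert + 1) % RING_MAX == first % RING_MAX) /* ring is full */
        return -1;
    if (len > sizeof(ring->slot[0].data))            /* payload larger than a slot */
        return -1;

    ring->slot[insert].addr = addr;
    ring->slot[insert].len = len;
    memcpy(ring->slot[insert].data, val, len);
    ring->last = (insert + 1) % RING_MAX;
    return 0;
}

int main(void)
{
    struct shared_ring r = {0};
    uint8_t v[4] = {1, 2, 3, 4};

    printf("in-range index:     %d\n", ring_push(&r, 0x1000, v, sizeof(v)));
    r.last = 0xFFFFFFF0u; /* constructed out-of-range index from the other side */
    printf("out-of-range index: %d\n", ring_push(&r, 0x2000, v, sizeof(v)));
    return 0;
}
```

Without the `insert >= RING_MAX` check, the write to `ring->slot[insert]` would land outside the array whenever the shared index is out of range.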


References

- https://bugs.mageia.org/show_bug.cgi?id=25453

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.138

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.139

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.140

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.141

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.142

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.143

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.144

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.145

- https://www.cve.org/CVERecord?id=CVE-2019-14814

- https://www.cve.org/CVERecord?id=CVE-2019-14815

- https://www.cve.org/CVERecord?id=CVE-2019-14816

- https://www.cve.org/CVERecord?id=CVE-2019-14821

- https://www.cve.org/CVERecord?id=CVE-2019-14835

Resolution

SRPMS

- 6/core/kernel-4.14.145-2.mga6

- 6/core/kernel-userspace-headers-4.14.145-2.mga6

- 6/core/kmod-vboxadditions-6.0.10-4.mga6

- 6/core/kmod-virtualbox-6.0.10-4.mga6

- 6/core/kmod-xtables-addons-2.13-92.mga6

- 6/core/wireguard-tools-0.0.20190913-1.mga6

Publication date: 21 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0287.html
Type: security
CVE: CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835
