Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Mageia: 2019-0332 Moderate: Kernel Privilege Escalation and DoS

mageia
Calendar Grey November 19, 2019
Dist Mageia Esm H88
The latest kernel patch MGASA-2019-0332 enhances security for Mageia 7, tackling multiple vulnerabilities, including those affecting Intel graphics components.
This kernel update is based on the upstream 5.3.13 and fixes atleast the following security issues: Insufficient access control in a subsystem for Intel (R) processor graphics may ...

Summary

This kernel update is based on the upstream 5.3.13 and fixes atleast the following security issues:
Insufficient access control in a subsystem for Intel (R) processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access (CVE-2019-0155).
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access (CVE-2019-11135).
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access (CVE-2018-12207).
For proper mitigations and fixes for theese issues, a microcode update is also needed, either with a bios/uefi update from your hardware vendor or by installing the microcode-0.20191112-1.mga7.nonfree update (mga#25688).
For other upstream f...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=25686

- https://bugs.mageia.org/show_bug.cgi?id=25688

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11

- https://www.cve.org/CVERecord?id=CVE-2019-0155

- https://www.cve.org/CVERecord?id=CVE-2019-11135

- https://www.cve.org/CVERecord?id=CVE-2018-12207

Topics%20covered

Topics Covered

security advisory privilege escalation DoS kernel information disclosure microcode update Mageia

Resolution

SRPMS

- 7/core/kernel-5.3.11-1.mga7

- 7/core/kmod-virtualbox-6.0.14-6.mga7

- 7/core/kmod-xtables-addons-3.5-9.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 19 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0332.html
Type: security
CVE: CVE-2019-0155, CVE-2019-11135, CVE-2018-12207

Topics%20covered

Topics Covered

security advisory privilege escalation DoS kernel information disclosure microcode update Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here