Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Mageia: 2019-0332 Moderate: Kernel Privilege Escalation and DoS

mageia
Calendar Grey November 19, 2019
Dist Mageia Esm H88
MGASA-2019-0332 - Updated kernel packages fix security vulnerabilities Publication date: 19 Nov 2019
This kernel update is based on the upstream 5.3.13 and fixes atleast the following security issues: Insufficient access control in a subsystem for Intel (R) processor graphics may ...

Summary

This kernel update is based on the upstream 5.3.13 and fixes atleast the following security issues:
Insufficient access control in a subsystem for Intel (R) processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access (CVE-2019-0155).
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access (CVE-2019-11135).
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access (CVE-2018-12207).
For proper mitigations and fixes for theese issues, a microcode update is also needed, either with a bios/uefi update from your hardware vendor or by installing the microcode-0.20191112-1.mga7.nonfree update (mga#25688).
For other upstream f...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=25686

- https://bugs.mageia.org/show_bug.cgi?id=25688

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11

- https://www.cve.org/CVERecord?id=CVE-2019-0155

- https://www.cve.org/CVERecord?id=CVE-2019-11135

- https://www.cve.org/CVERecord?id=CVE-2018-12207

Resolution

SRPMS

- 7/core/kernel-5.3.11-1.mga7

- 7/core/kmod-virtualbox-6.0.14-6.mga7

- 7/core/kmod-xtables-addons-3.5-9.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 19 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0332.html
Type: security
CVE: CVE-2019-0155, CVE-2019-11135, CVE-2018-12207

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here