Mageia: 2019-0333 Critical Security Update for Kernel-Linus

mageia

November 19, 2019

This kernel-linus update is based on the upstream 5.3.13 and fixes atleast the following security issues: Insufficient access control in a subsystem for Intel (R) processor graphic...

Summary

This kernel-linus update is based on the upstream 5.3.13 and fixes atleast the following security issues:
Insufficient access control in a subsystem for Intel (R) processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access (CVE-2019-0155).
A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel (CVE-2019-1125).
A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash (CVE-2019-10207).
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access ...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=25687

- https://bugs.mageia.org/show_bug.cgi?id=25688

- https://kernelnewbies.org/Linux_5.2

- https://kernelnewbies.org/Linux_5.3

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.1

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.2

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.3

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11

- https://www.cve.org/CVERecord?id=CVE-2019-0155

- https://www.cve.org/CVERecord?id=CVE-2019-1125

- https://www.cve.org/CVERecord?id=CVE-2019-10207

- https://www.cve.org/CVERecord?id=CVE-2019-11135

- https://www.cve.org/CVERecord?id=CVE-2018-12207

- https://www.cve.org/CVERecord?id=CVE-2019-14814

- https://www.cve.org/CVERecord?id=CVE-2019-14815

- https://www.cve.org/CVERecord?id=CVE-2019-14816

- https://www.cve.org/CVERecord?id=CVE-2019-14821

- https://www.cve.org/CVERecord?id=CVE-2019-14835

- https://www.cve.org/CVERecord?id=CVE-2019-16714

- https://www.cve.org/CVERecord?id=CVE-2019-17666

Topics Covered

security advisory denial of service access control kernel local access information disclosure Mageia

Resolution

SRPMS

- 7/core/kernel-linus-5.3.11-1.mga7

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 19 Nov 2019

URL: https://advisories.mageia.org/MGASA-2019-0333.html

Type: security

CVE: CVE-2019-0155, CVE-2019-1125, CVE-2019-10207, CVE-2019-11135, CVE-2018-12207, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835, CVE-2019-16714, CVE-2019-17666

Topics Covered

security advisory denial of service access control kernel local access information disclosure Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks