
Mageia 2020: 0073 Moderate: Kernel Security Vulnerabilities Update

Mageia
February 4, 2020
Mageia 2020-0074 tackles multiple security flaws within the kernel, improving both the protection and reliability of the system.

Summary

This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities:

- In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to the host running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD processors, but Intel CPUs cannot be ruled out (CVE-2019-3016).

- A heap-based buffer overflow vulnerability was found in the Linux kernel, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP (CVE-2019-14896).

- A stack-based buffer overflow was found in the Linux kernel, in the Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or possibly execute arbitrary code when a STA works in IBSS mode (allows connecting...


References

- https://bugs.mageia.org/show_bug.cgi?id=26152

- https://bugs.mageia.org/show_bug.cgi?id=16268

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.15

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17

- https://www.cve.org/CVERecord?id=CVE-2019-3016

- https://www.cve.org/CVERecord?id=CVE-2019-14896

- https://www.cve.org/CVERecord?id=CVE-2019-14897

- https://www.cve.org/CVERecord?id=CVE-2020-8428

Resolution

SRPMS

- 7/core/kernel-5.4.17-1.mga7

- 7/core/kmod-virtualbox-6.0.16-3.mga7

- 7/core/kmod-xtables-addons-3.7-13.mga7

- 7/core/wireguard-tools-1.0.20200121-1.mga7

Publication date: 04 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0073.html
Type: security
CVE: CVE-2019-3016, CVE-2019-14896, CVE-2019-14897, CVE-2020-8428
