Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Mageia: 2020-0089 Moderate: Kernel-Linus Memory Leak And Overflow

mageia
Calendar Grey February 18, 2020
Dist Mageia Esm H88
This release resolves various vulnerabilities in Fedora's kernel-mainline, significantly boosting system protection.
This update provides upstream 5.4.20, adding support for new hardware and features, and resolves atleast the following security issues: In a Linux KVM guest that has PV TLB enable...

Summary

This update provides upstream 5.4.20, adding support for new hardware and features, and resolves atleast the following security issues:
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out (CVE-2019-3016).
Intel GPU Hardware prior to Gen11 does not clear EU state during a context switch. This can result in information leakage between contexts (CVE-2019-14615).
A heap-based buffer overflow was discovered in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (CVE-2019-14895).
A heap-...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26099

- https://kernelnewbies.org/Linux_5.4

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.3

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.4

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.5

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.6

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.7

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.8

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.11

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.15

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.18

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.19

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.20

- https://www.cve.org/CVERecord?id=CVE-2019-3016

- https://www.cve.org/CVERecord?id=CVE-2019-14615

- https://www.cve.org/CVERecord?id=CVE-2019-14895

- https://www.cve.org/CVERecord?id=CVE-2019-14896

- https://www.cve.org/CVERecord?id=CVE-2019-14897

- https://www.cve.org/CVERecord?id=CVE-2019-19037

- https://www.cve.org/CVERecord?id=CVE-2019-19332

- https://www.cve.org/CVERecord?id=CVE-2020-8428

Topics%20covered

Topics Covered

security advisory buffer overflow memory leak kernel information disclosure Denial of service Mageia

Resolution

SRPMS

- 7/core/kernel-linus-5.4.20-1.mga7

Publication date: 18 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0089.html
Type: security
CVE: CVE-2019-3016, CVE-2019-14615, CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-19037, CVE-2019-19332, CVE-2020-8428

Topics%20covered

Topics Covered

security advisory buffer overflow memory leak kernel information disclosure Denial of service Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here