Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Mageia: 2020-0156 Moderate: Kernel Use After Free and Info Disclosure

mageia
Calendar Grey April 2, 2020
Dist Mageia Esm H88
Mageia 2021-0167 enhances kernel components to address security issues, such as buffer overflow and privilege escalation.
This update is based on upstream 5.5.14 and fixes atleast the following security vulnerabilities: In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lo...

Summary

This update is based on upstream 5.5.14 and fixes atleast the following security vulnerabilities:
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h) (CVE-2019-19769).
Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges (CVE-2020-8835).
Security fixes and hardenings to the mac00211 layer to prevent leaking keys and frames.
Other notable changes in this update: - WireGuard kernel module has been updated to v1.0.20200330 and the tools to v1.0.20200319. - exfat-utils has been rebuilt in core (was previously in tainted) as we now also ship the official upstream exfat driver.
For other upstream fixes in this update, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=26420

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.12

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.14

- https://www.cve.org/CVERecord?id=CVE-2019-19769

- https://www.cve.org/CVERecord?id=CVE-2020-8835

Topics%20covered

Topics Covered

security advisory moderate kernel information disclosure use after free administrative privileges Mageia

Resolution

SRPMS

- 7/core/kernel-5.5.14-1.mga7

- 7/core/kmod-virtualbox-6.0.18-8.mga7

- 7/core/kmod-xtables-addons-3.8-8.mga7

- 7/core/wireguard-tools-1.0.20200319-1.mga7

- 7/core/exfat-utils-1.3.0-2.mga7

Publication date: 02 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0156.html
Type: security
CVE: CVE-2019-19769, CVE-2020-8835

Topics%20covered

Topics Covered

security advisory moderate kernel information disclosure use after free administrative privileges Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here