Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Mageia: 2020-0158 High: Kernel-Linus Use-After-Free Issues

mageia
Calendar Grey April 3, 2020
Dist Mageia Esm H88
The Mageia security advisory MGASA-2020-0158 identifies severe weaknesses within the kernel-linus packages, aiming to bolster system integrity and reliability.
This update is based on upstream 5.5.15 and fixes atleast the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_...

Summary

This update is based on upstream 5.5.15 and fixes atleast the following security vulnerabilities:
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer) (CVE-2019-19768).
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h) (CVE-2019-19769).
A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor (CVE-2020-2732).
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647).
The...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26426

- https://kernelnewbies.org/Linux_5.5

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.1

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.2

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.3

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.5

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.6

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.12

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.14

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.15

- https://www.cve.org/CVERecord?id=CVE-2019-19768

- https://www.cve.org/CVERecord?id=CVE-2019-19769

- https://www.cve.org/CVERecord?id=CVE-2020-2732

- https://www.cve.org/CVERecord?id=CVE-2020-8647

- https://www.cve.org/CVERecord?id=CVE-2020-8648

- https://www.cve.org/CVERecord?id=CVE-2020-8649

- https://www.cve.org/CVERecord?id=CVE-2020-8835

- https://www.cve.org/CVERecord?id=CVE-2020-9383

- https://www.cve.org/CVERecord?id=CVE-2020-9391

Topics%20covered

Topics Covered

security advisory memory corruption information exposure use-after-free Mageia kernel-linus instruction emulation

Resolution

SRPMS

- 7/core/kernel-5.5.15-1.mga7

Publication date: 03 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0158.html
Type: security
CVE: CVE-2019-19768, CVE-2019-19769, CVE-2020-2732, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, CVE-2020-8835, CVE-2020-9383, CVE-2020-9391

Topics%20covered

Topics Covered

security advisory memory corruption information exposure use-after-free Mageia kernel-linus instruction emulation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here