MGASA-2020-0201 - Updated kernel packages fix security vulnerability Publication date: 05 May 2020 URL: https://advisories.mageia.org/MGASA-2020-0201.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-12464 This update is based on the upstream 5.6.8 kernel and fixes atleast the following security issue: usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference(CVE-2020-12464). Other fixes in this update: - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready - Fix use after free in get_tree_bdev() - propagate_one(): mnt_set_mountpoint() needs mount_lock - iwlwifi: pcie: handle QuZ configs with killer NICs as well - Fix building out of tree modules on aarch64 (pterjan) For other fixes and changes in this update, see the refenced changelogs. References: - https://bugs.mageia.org/show_bug.cgi?id=26570 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12464 SRPMS: - 7/core/kernel-5.6.8-1.mga7 - 7/core/kmod-virtualbox-6.0.20-4.mga7 - 7/core/kmod-xtables-addons-3.9-2.mga7
Mageia 2020-0201: kernel security update
This update is based on the upstream 5.6.8 kernel and fixes atleast the following security issue: usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has ...
Summary
This update is based on the upstream 5.6.8 kernel and fixes atleast
the following security issue:
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before
5.6.8 has a use-after-free because a transfer occurs without a
reference(CVE-2020-12464).
Other fixes in this update:
- printk: queue wake_up_klogd irq_work only if per-CPU areas are ready
- Fix use after free in get_tree_bdev()
- propagate_one(): mnt_set_mountpoint() needs mount_lock
- iwlwifi: pcie: handle QuZ configs with killer NICs as well
- Fix building out of tree modules on aarch64 (pterjan)
For other fixes and changes in this update, see the refenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=26570
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12464
Resolution
MGASA-2020-0201 - Updated kernel packages fix security vulnerability
SRPMS
- 7/core/kernel-5.6.8-1.mga7
- 7/core/kmod-virtualbox-6.0.20-4.mga7
- 7/core/kmod-xtables-addons-3.9-2.mga7
Severity
Publication date: 05 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0201.html
Type: security
CVE: CVE-2020-12464
News
HOWTOs
Features
About Us
Powered By
