Mageia 7: MGASA-2020-0333 Critical: Kernel Security Issues

August 18, 2020
The recent Mageia kernel version rollout addresses numerous vulnerabilities such as denial of service (DoS) and sensitive data leaks, bolstering overall system security.

Summary

This provides an update to the kernel 5.7 series, currently based on upstream 5.7.14, adding support for new hardware and features, and fixes at least the following security issues:
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c (CVE-2019-18814).
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (CVE-2019-19462).
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-0543).
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data (CVE-2020-10732).
A flaw was found in the Lin...

References

- https://bugs.mageia.org/show_bug.cgi?id=27006

- https://kernelnewbies.org/Linux_5.7

- https://access.redhat.com/security/cve/CVE-2020-10766

- https://access.redhat.com/security/cve/CVE-2020-10767

- https://access.redhat.com/security/cve/CVE-2020-10768

- https://access.redhat.com/security/cve/CVE-2020-10781

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.1

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.2

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.4

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.6

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.14

- https://www.cve.org/CVERecord?id=CVE-2019-18814

- https://www.cve.org/CVERecord?id=CVE-2019-19462

- https://www.cve.org/CVERecord?id=CVE-2020-0543

- https://www.cve.org/CVERecord?id=CVE-2020-10732

- https://www.cve.org/CVERecord?id=CVE-2020-10757

- https://www.cve.org/CVERecord?id=CVE-2020-10766

- https://www.cve.org/CVERecord?id=CVE-2020-10767

- https://www.cve.org/CVERecord?id=CVE-2020-10768

- https://www.cve.org/CVERecord?id=CVE-2020-10781

- https://www.cve.org/CVERecord?id=CVE-2020-15393

- https://www.cve.org/CVERecord?id=CVE-2020-15780

- https://www.cve.org/CVERecord?id=CVE-2020-15852

Resolution

SRPMS

- 7/core/kernel-5.7.14-1.mga7

- 7/core/kmod-virtualbox-6.0.24-4.mga7

- 7/core/xtables-addons-3.10-1.mga7

- 7/core/kmod-xtables-addons-3.10-2.mga7

Severity
critical

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0333.html
Type: security
CVE: CVE-2019-18814, CVE-2019-19462, CVE-2020-0543, CVE-2020-10732, CVE-2020-10757, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10781, CVE-2020-15393, CVE-2020-15780, CVE-2020-15852
