MGASA-2020-0333 - Updated kernel packages fix security vulnerability

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0333.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-18814,
     CVE-2019-19462,
     CVE-2020-0543,
     CVE-2020-10732,
     CVE-2020-10757,
     CVE-2020-10766,
     CVE-2020-10766,
     CVE-2020-10767,
     CVE-2020-10767,
     CVE-2020-10768,
     CVE-2020-10768,
     CVE-2020-10781,
     CVE-2020-10781,
     CVE-2020-15393,
     CVE-2020-15780,
     CVE-2020-15852

This provides an update to kernel 5.7 series, currently based on upstream
5.7.14 adding support for new hardware and features, and fixes at least the
following security issues:

An issue was discovered in the Linux kernel through 5.3.9. There is a
use-after-free when aa_label_parse() fails in aa_audit_rule_init() in
security/apparmor/audit.c (CVE-2019-18814).

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local
users to cause a denial of service (such as relay blockage) by triggering a
NULL alloc_percpu result (CVE-2019-19462).

Incomplete cleanup from specific special register read operations in some
Intel(R) Processors may allow an authenticated user to potentially enable
information disclosure via local access (CVE-2020-0543).

A flaw was found in the Linux kernel's implementation of Userspace core dumps.
This flaw allows an attacker with a local account to crash a trivial program
and exfiltrate private kernel data (CVE-2020-10732).

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way
mremap handled DAX Huge Pages. This flaw allows a local attacker with access
to a DAX enabled storage to escalate their privileges on the system
(CVE-2020-10757).

A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A
bug in the logic handling allows an attacker with a local account to disable
SSBD protection during a context switch when additional speculative execution
mitigations are in place. This issue was introduced when the per task/process
conditional STIPB switching was added on top of the existing SSBD switching.
The highest threat from this vulnerability is to confidentiality
(CVE-2020-10766).

A flaw was found in the Linux kernel’s implementation of the Enhanced IBPB
(Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled
when STIBP is not available or when the Enhanced Indirect Branch Restricted
Speculation (IBRS) is available. This flaw allows a local attacker to perform
a Spectre V2 style attack when this configuration is active. The highest
threat from this vulnerability is to confidentiality (CVE-2020-10767).

A flaw was found in the prctl() function, where it can be used to enable
indirect branch speculation after it has been disabled. This call incorrectly
reports it as being 'force disabled' when it is not and opens the system to
Spectre v2 attacks. The highest threat from this vulnerability is to
confidentiality (CVE-2020-10768).

A flaw was found in the ZRAM kernel module, where a user with a local account
and the ability to read the /sys/class/zram-control/hot_add file can create
ZRAM device nodes in the /dev/ directory. This read allocates kernel memory
and is not accounted for a user that triggers the creation of that ZRAM
device. With this vulnerability, continually reading the device may consume a
large amount of system memory and cause the Out-of-Memory (OOM) killer to
activate and terminate random userspace processes, possibly making the system
inoperable (CVE-2020-10781).

In the Linux kernel through 5.7.6, usbtest_disconnect in
drivers/usb/misc/usbtest.c has a memory leak (CVE-2020-15393).

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel
before 5.7.7. Injection of malicious ACPI tables via configfs could be used by
attackers to bypass lockdown and secure boot restrictions (CVE-2020-15780).

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen
through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS
and Xen (CVE-2020-15852).

For other upstream fixes and changes in this update, see the referenced
changelogs.

Also, the xtables-addons package has been updated to version 3.10.

References:
- https://bugs.mageia.org/show_bug.cgi?id=27006
- https://kernelnewbies.org/Linux_5.7
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://www.linuxkernelcves.com/
- https://access.redhat.com/security/cve/CVE-2020-10766
- https://access.redhat.com/security/cve/CVE-2020-10767
- https://access.redhat.com/security/cve/CVE-2020-10768
- https://access.redhat.com/security/cve/CVE-2020-10781
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.1
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.2
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.6
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.9
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18814
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10757
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10766
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10766
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10767
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10767
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10768
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10768
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10781
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10781
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15393
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15780
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15852

SRPMS:
- 7/core/kernel-5.7.14-1.mga7
- 7/core/kmod-virtualbox-6.0.24-4.mga7
- 7/core/xtables-addons-3.10-1.mga7
- 7/core/kmod-xtables-addons-3.10-2.mga7

Mageia 2020-0333: kernel security update

This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues: An...

Summary

This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues:
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c (CVE-2019-18814).
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (CVE-2019-19462).
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-0543).
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data (CVE-2020-10732).
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system (CVE-2020-10757).
A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality (CVE-2020-10766).
A flaw was found in the Linux kernel’s implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality (CVE-2020-10767).
A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality (CVE-2020-10768).
A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable (CVE-2020-10781).
In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak (CVE-2020-15393).
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions (CVE-2020-15780).
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen (CVE-2020-15852).
For other upstream fixes and changes in this update, see the referenced changelogs.
Also, the xtables-addons package has been updated to version 3.10.

References

- https://bugs.mageia.org/show_bug.cgi?id=27006

- https://kernelnewbies.org/Linux_5.7

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://www.linuxkernelcves.com/

- https://access.redhat.com/security/cve/CVE-2020-10766

- https://access.redhat.com/security/cve/CVE-2020-10767

- https://access.redhat.com/security/cve/CVE-2020-10768

- https://access.redhat.com/security/cve/CVE-2020-10781

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.1

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.2

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.4

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.6

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.9

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.10

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.12

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.14

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18814

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19462

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10732

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10757

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10766

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10766

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10767

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10767

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10768

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10768

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10781

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10781

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15393

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15780

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15852

Resolution

MGASA-2020-0333 - Updated kernel packages fix security vulnerability

SRPMS

- 7/core/kernel-5.7.14-1.mga7

- 7/core/kmod-virtualbox-6.0.24-4.mga7

- 7/core/xtables-addons-3.10-1.mga7

- 7/core/kmod-xtables-addons-3.10-2.mga7

Severity
Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0333.html
Type: security
CVE: CVE-2019-18814, CVE-2019-19462, CVE-2020-0543, CVE-2020-10732, CVE-2020-10757, CVE-2020-10766, CVE-2020-10766, CVE-2020-10767, CVE-2020-10767, CVE-2020-10768, CVE-2020-10768, CVE-2020-10781, CVE-2020-10781, CVE-2020-15393, CVE-2020-15780, CVE-2020-15852

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved