
Mageia 7: 2020-0392 Security Advisory for Kernel Issues

mageia
October 21, 2020
The latest kernel updates resolve serious security flaws that threaten the stability and protection of systems running Mageia 7.

Summary

A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-12351).
An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality (CVE-2020-12352).
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-c...


References

- https://bugs.mageia.org/show_bug.cgi?id=27443

- https://access.redhat.com/security/cve/CVE-2020-12351

- https://access.redhat.com/security/cve/CVE-2020-12352

- https://access.redhat.com/security/cve/CVE-2020-24490

- https://www.cve.org/CVERecord?id=CVE-2020-12351

- https://www.cve.org/CVERecord?id=CVE-2020-12352

- https://www.cve.org/CVERecord?id=CVE-2020-14385

- https://www.cve.org/CVERecord?id=CVE-2020-14386

- https://www.cve.org/CVERecord?id=CVE-2020-14390

- https://www.cve.org/CVERecord?id=CVE-2020-24490

- https://www.cve.org/CVERecord?id=CVE-2020-25211

- https://www.cve.org/CVERecord?id=CVE-2020-25221

- https://www.cve.org/CVERecord?id=CVE-2020-25284

- https://www.cve.org/CVERecord?id=CVE-2020-25285

- https://www.cve.org/CVERecord?id=CVE-2020-25641

- https://www.cve.org/CVERecord?id=CVE-2020-25643

- https://www.cve.org/CVERecord?id=CVE-2020-25645

Resolution

SRPMS

- 7/core/kernel-5.7.19-3.mga7

- 7/core/kmod-virtualbox-6.0.24-6.mga7

- 7/core/xtables-addons-3.11-1.mga7

- 7/core/kmod-xtables-addons-3.11-1.mga7

Severity
critical

Publication date: 21 Oct 2020
URL: https://advisories.mageia.org/MGASA-2020-0392.html
Type: security
CVE: CVE-2020-12351, CVE-2020-12352, CVE-2020-14385, CVE-2020-14386, CVE-2020-14390, CVE-2020-24490, CVE-2020-25211, CVE-2020-25221, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645
