Linux Security

    Mageia 2020-0392: kernel security update

    Date 21 Oct 2020
    Posted By LinuxSecurity Advisories
    MGASA-2020-0392 - Updated kernel packages fix security vulnerabilities
    
    Publication date: 21 Oct 2020
    URL: https://advisories.mageia.org/MGASA-2020-0392.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-12351,
         CVE-2020-12352,
         CVE-2020-14385,
         CVE-2020-14386,
         CVE-2020-14390,
         CVE-2020-24490,
         CVE-2020-25211,
         CVE-2020-25221,
         CVE-2020-25284,
         CVE-2020-25285,
         CVE-2020-25641,
         CVE-2020-25643,
         CVE-2020-25645
    
    A flaw was found in the way the Linux kernel Bluetooth implementation handled
    L2CAP packets with A2MP CID. A remote attacker in adjacent range could use
    this flaw to crash the system causing denial of service or potentially execute
    arbitrary code on the system by sending a specially crafted L2CAP packet. The
    highest threat from this vulnerability is to data confidentiality and
    integrity as well as system availability (CVE-2020-12351).
    
    An information leak flaw was found in the way the Linux kernel's Bluetooth
    stack implementation handled initialization of stack memory when handling
    certain AMP packets. A remote attacker in adjacent range could use this flaw
    to leak small portions of stack memory on the system by sending specially
    crafted AMP packets. The highest threat from this vulnerability is to data
    confidentiality (CVE-2020-12352).
    
    A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file
    system metadata validator in XFS can cause an inode with a valid,
    user-creatable extended attribute to be flagged as corrupt. This can lead to
    the filesystem being shut down, or otherwise rendered inaccessible until it is
    remounted, leading to a denial of service. The highest threat from this
    vulnerability is to system availability (CVE-2020-14385).
    
    A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be
    exploited to gain root privileges from unprivileged processes. The highest
    threat from this vulnerability is to data confidentiality and integrity
    (CVE-2020-14386).
    
    A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing
    screen size, an out-of-bounds memory write can occur leading to memory
    corruption or a denial of service. Due to the nature of the flaw, privilege
    escalation cannot be fully ruled out (CVE-2020-14390).
    
    A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth
    implementation processed extended advertising report events. This flaw allows
    a remote attacker in an adjacent range to crash the system, causing a denial
    of service, or to potentially execute arbitrary code on the system by sending a
    specially crafted Bluetooth packet. The highest threat from this vulnerability
    is to confidentiality and integrity as well as system availability
    (CVE-2020-24490).
    
    In the Linux kernel through 5.8.7, local attackers able to inject conntrack
    netlink configuration could overflow a local buffer, causing crashes or
    triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter
    in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211).
    
    get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7
    allows privilege escalation because of incorrect reference counting (caused by
    gate page mishandling) of the struct page that backs the vsyscall page. The
    result is a refcount underflow. This can be triggered by any 64-bit process
    that can use ptrace() or process_vm_readv() (CVE-2020-25221).
    
    The rbd block device driver in drivers/block/rbd.c in the Linux kernel through
    5.8.9 used incomplete permission checking for access to rbd devices, which
    could be leveraged by local attackers to map or unmap rbd block devices
    (CVE-2020-25284).
    
    A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux
    kernel before 5.8.8 could be used by local attackers to corrupt memory, cause
    a NULL pointer dereference, or possibly have unspecified other impact
    (CVE-2020-25285).
    
    A flaw was found in the Linux kernel's implementation of biovecs in versions
    before 5.9-rc7. A zero-length biovec request issued by the block subsystem
    could cause the kernel to enter an infinite loop, causing a denial of
    service. This flaw allows a local attacker with basic privileges to issue
    requests to a block device, resulting in a denial of service. The highest
    threat from this vulnerability is to system availability (CVE-2020-25641).
    
    A flaw was found in the HDLC_PPP module of the Linux kernel in versions before
    5.9-rc7. Memory corruption and a read overflow are caused by improper input
    validation in the ppp_cp_parse_cr function which can cause the system to crash
    or cause a denial of service. The highest threat from this vulnerability is to
    data confidentiality and integrity as well as system availability
    (CVE-2020-25643).
    
    A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic
    between two Geneve endpoints may be unencrypted when IPsec is configured to
    encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing
    anyone between the two endpoints to read the traffic unencrypted. The main
    threat from this vulnerability is to data confidentiality (CVE-2020-25645).
    
    Also, the xtables-addons package has been updated to version 3.11.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27443
    - https://www.linuxkernelcves.com/cves/CVE-2020-14385
    - https://www.linuxkernelcves.com/cves/CVE-2020-14386
    - https://www.linuxkernelcves.com/cves/CVE-2020-14390
    - https://www.linuxkernelcves.com/cves/CVE-2020-25211
    - https://www.linuxkernelcves.com/cves/CVE-2020-25221
    - https://www.linuxkernelcves.com/cves/CVE-2020-25284
    - https://www.linuxkernelcves.com/cves/CVE-2020-25285
    - https://www.linuxkernelcves.com/cves/CVE-2020-25641
    - https://www.linuxkernelcves.com/cves/CVE-2020-25643
    - https://www.linuxkernelcves.com/cves/CVE-2020-25645
    - https://access.redhat.com/security/cve/CVE-2020-12351
    - https://access.redhat.com/security/cve/CVE-2020-12352
    - https://access.redhat.com/security/cve/CVE-2020-24490
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12351
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12352
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14385
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14386
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24490
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25211
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25221
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25285
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25641
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25643
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25645
    
    SRPMS:
    - 7/core/kernel-5.7.19-3.mga7
    - 7/core/kmod-virtualbox-6.0.24-6.mga7
    - 7/core/xtables-addons-3.11-1.mga7
    - 7/core/kmod-xtables-addons-3.11-1.mga7
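
A check an administrator can run after applying the update, as an added example that is not part of the Mageia advisory: it compares a kernel release string with the fixed build kernel-5.7.19-3.mga7 from the SRPMS list. The `<version>-<flavour>-<release>.mga7` layout of `uname -r` and the function names are assumptions.

```shell
#!/bin/sh
# Fixed kernel build, taken from the advisory's SRPMS list (kernel-5.7.19-3.mga7).
FIXED_VERSION="5.7.19"
FIXED_RELEASE="3"

# Print "<version> <release>" for a Mageia 7 kernel release string, or nothing.
# Assumption: the string looks like 5.7.19-desktop-3.mga7; the flavour field
# (desktop, server, ...) is treated as optional.
parse_release() {
    printf '%s\n' "$1" | sed -n -E \
        's/^([0-9]+(\.[0-9]+)+)-([A-Za-z][A-Za-z0-9]*-)?([0-9]+(\.[0-9]+)*)\.mga7$/\1 \4/p'
}

# Succeed when $1 >= $2 in version order (sort -V puts the lower one first).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print ok, needs-update, or unknown for the given release string.
kernel_status() {
    parsed=$(parse_release "$1")
    if [ -z "$parsed" ]; then
        echo "unknown"          # not a Mageia 7 kernel string
        return 0
    fi
    version=${parsed% *}
    release=${parsed#* }
    if [ "$version" = "$FIXED_VERSION" ]; then
        # Same upstream version: the package release decides.
        if version_ge "$release" "$FIXED_RELEASE"; then
            echo "ok"
        else
            echo "needs-update"
        fi
    elif version_ge "$version" "$FIXED_VERSION"; then
        echo "ok"
    else
        echo "needs-update"
    fi
}

# Report on the kernel that is currently booted.
kernel_status "$(uname -r)"
```

Because it reads `uname -r`, the result reflects the kernel that is currently booted, so a host with the update installed but not yet rebooted still reports needs-update.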
    
