Advisories ยป MGASA-2018-0187

Updated kernel packages fix security vulnerabilities

Publication date: 30 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-5754 , CVE-2018-1068 , CVE-2018-1000004


This kernel update is based on the upstream 4.14.30 and fixes at least
the following security issues:

The KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86 has been
updated to revision 4.

A flaw was found in the Linux kernel implementation of 32 bit syscall
interface for bridging allowing a privileged user to arbitrarily write
to a limited range of kernel memory. This flaw can be exploited not only
by a system's privileged user (a real "root" user), but also by an
attacker who is a privileged user (a "root" user) in a user+network
namespace (CVE-2018-1068).

A race condition vulnerability exists in the sound system, that can
lead to a deadlock and denial of service condition (CVE-2018-1000004).

Other changes in this update:

3rdparty rtl8812au driver has been updated to v5.2.20 (mga#22808) and
adds fixes for KRACK security issue.

For other upstream fixes in this update, read the referenced changelogs.