Updated kernel packages fix security vulnerabilitiesPublication date: 30 Mar 2018
Affected Mageia releases : 6
CVE: CVE-2017-5754 , CVE-2018-1068 , CVE-2018-1000004
This kernel update is based on the upstream 4.14.30 and fixes at least the following security issues: The KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86 has been updated to revision 4. A flaw was found in the Linux kernel implementation of 32 bit syscall interface for bridging allowing a privileged user to arbitrarily write to a limited range of kernel memory. This flaw can be exploited not only by a system's privileged user (a real "root" user), but also by an attacker who is a privileged user (a "root" user) in a user+network namespace (CVE-2018-1068). A race condition vulnerability exists in the sound system, that can lead to a deadlock and denial of service condition (CVE-2018-1000004). Other changes in this update: 3rdparty rtl8812au driver has been updated to v5.2.20 (mga#22808) and adds fixes for KRACK security issue. For other upstream fixes in this update, read the referenced changelogs.