Updated kernel packages fix security vulnerabilitiesPublication date: 22 Sep 2018
Affected Mageia releases : 6
CVE: CVE-2018-5391 , CVE-2018-14641 , CVE-2018-17182
This kernel update is based on the upstream 4.14.70 and adds additional fixes for the L1TF security issues. It also fixes atleast the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack). A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel caused by fixes for CVE-2018-5391, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service (CVE-2018-14641). An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (CVE-2018-17182). Other fixes in this update: * drm: fix use of freed memory in drm_mode_setcrtc * drm/i915: Apply the GTT write flush for all !llc machines * net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC (fixes a kernel crash) * pinctrl/amd: only handle irq if it is pending and unmasked (possible real fix for the interrupt storm on Ryzen platform) For other uptstream fixes in this update, see the referenced changelog.