Advisories » MGASA-2019-0217

Updated kernel packages fix security vulnerability

Publication date: 03 Aug 2019
Type: security
Affected Mageia releases : 7


This kernel update is based on the upstream 5.1.20 and fixes at least
the following security issue:

With Xen, virtual device backends and device models running in domain 0,
or other backend driver domains, need to be able to map guest memory
(either via grant mappings, or via the foreign mapping interface). For
Linux to keep track of these mappings, it needs to have a page structure
for each one. In PV dom0, a range of pfns are typically set aside at boot
(“pre-ballooned”) for this purpose; for PVH and Arm dom0s, no memory is
set aside to begin with. In either case, when more of this “foreign / grant
map pfn space” is needed, dom0 will balloon out extra pages to use for this
purpose. Unfortunately, in Linux, there are no limits, either on the total
amount of memory which dom0 will attempt to balloon down to, nor on the
amount of “foreign / grant map” memory which any individual guest can
consume. As a result, a malicious guest may be able, with crafted requests
to the backend, to cause dom0 to exhaust its own memory, leading to a host
crash; and if this is not possible, it may be able to monopolize all of the
foreign / grant map pfn space, starving out other guests (XSA-300).

Other changes in this update:
- kernel configs:
  * enable Full dynticks system (tickless) (NO_HZ_FULL)
  * enable CONFIG_RCU_NOCB_CPU (mga#24701)
- add kernel side support for temperature monitoring on Amd Ryzen 3000
  series (lm_sensors 3.5.0-2.1.mga7 or newer is also needed)

For other upstream changes in this update, see the referenced changelogs.

Note! This is the last update that is based on the upstream 5.1 series.
      Next update will be based on the upstream 5.2 series.