Advisories ยป MGASA-2020-0228

Updated kernel-linus packages fix security vulnerabilities

Publication date: 24 May 2020
Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10711 , CVE-2020-12464 , CVE-2020-12659 , CVE-2020-12770 , CVE-2020-13143

Description

This update is based on the upstream 5.6.14 kernel and fixes at least
the following security issues:

A NULL pointer dereference flaw was found in the Linux kernel's SELinux
subsystem in versions before 5.7. This flaw occurs while importing the
Commercial IP Security Option (CIPSO) protocol's category bitmap into
the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine.
While processing the CIPSO restricted bitmap tag in the
'cipso_v4_parsetag_rbm' routine, it sets the security attribute to
indicate that the category bitmap is present, even if it has not been
allocated. This issue leads to a NULL pointer dereference issue while
importing the same category bitmap into SELinux. This flaw allows a
remote network user to crash the system kernel, resulting in a denial
of service (CVE-2020-10711).

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before
5.6.8 has a use-after-free because a transfer occurs without a
reference(CVE-2020-12464).

An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg
in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the
CAP_NET_ADMIN capability) because of a lack of headroom validation
(CVE-2020-12659).

An issue was discovered in the Linux kernel through 5.6.11. sg_write
lacks an sg_remove_request call in a certain failure case
(CVE-2020-12770).

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux
kernel through 5.6.13 relies on kstrdup without considering the
possibility of an internal '\0' value, which allows attackers to trigger
an out-of-bounds read (CVE-2020-13143).

For other fixes and changes in this update, see the refenced changelogs.

References

SRPMS

7/core