Updated kernel packages fix security vulnerabilities
Publication date: 18 May 2018Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1087 , CVE-2018-1092 , CVE-2018-1093 , CVE-2018-1094 , CVE-2018-1095 , CVE-2018-1108 , CVE-2018-1130 , CVE-2018-8897
Description
This kernel update is based on the upstream 4.14.40 and fixes at least
the following security issues:
On x86, MOV SS and POP SS behave strangely if they encounter a data
breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that
a #DB instruction was caused by the undocumented ICEBP instruction. This
results in #DB being delivered to the guest kernel with an incorrect RIP
on the stack. On most guest kernels, this will allow a guest user to DoS
the guest kernel or even to escalate privilege to that of the guest kernel
(CVE-2018-1087).
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through
4.15.15 mishandles the case of a root directory with a zero i_links_count,
which allows attackers to cause a denial of service (ext4_process_freed_data
NULL pointer dereference and OOPS) via a crafted ext4 image (CVE-2018-1092).
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel
through 4.15.15 allows attackers to cause a denial of service (out-of-bounds
read and system crash) via a crafted ext4 image because balloc.c and ialloc.c
do not validate bitmap block numbers (CVE-2018-1093).
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through
4.15.15 does not always initialize the crc32c checksum driver, which allows
attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer
dereference and system crash) via a crafted ext4 image (CVE-2018-1094).
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel
through 4.15.15 does not properly validate xattr sizes, which causes
misinterpretation of a size as an error code, and consequently allows
attackers to cause a denial of service (get_acl NULL pointer dereference and
system crash) via a crafted ext4 image (CVE-2018-1095).
Predictable Random Number Generator Weakness (CVE-2018-1108).
A null pointer dereference in dccp_write_xmit() function in
net/dccp/output.c in the Linux kernel before v4.16-rc7 allows a local
user to cause a denial of service by a number of certain crafted
system calls (CVE-2018-1130).
The Linux kernel does not properly handle debug exceptions delivered after a
stack switch operation via mov SS or pop SS instructions. During the stack
switch operation, the exceptions are deferred. As a result, a local user can
cause the kernel to crash (CVE-2018-8897).
WireGuard has been updated to 0.0.20180420.
For other fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=22909
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.31
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.32
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.33
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.34
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.35
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.36
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.37
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.38
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.39
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.40
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1093
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897
SRPMS
6/core
- kernel-4.14.40-1.mga6
- kernel-userspace-headers-4.14.40-1.mga6
- kmod-vboxadditions-5.2.8-14.mga6
- kmod-virtualbox-5.2.8-14.mga6
- kmod-xtables-addons-2.13-34.mga6
- wireguard-tools-0.0.20180420-1.mga6