Updated kernel packages fix security vulnerabilitiesPublication date: 18 May 2018
Affected Mageia releases : 6
CVE: CVE-2018-1087 , CVE-2018-1092 , CVE-2018-1093 , CVE-2018-1094 , CVE-2018-1095 , CVE-2018-1108 , CVE-2018-1130 , CVE-2018-8897
This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues: On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a #DB instruction was caused by the undocumented ICEBP instruction. This results in #DB being delivered to the guest kernel with an incorrect RIP on the stack. On most guest kernels, this will allow a guest user to DoS the guest kernel or even to escalate privilege to that of the guest kernel (CVE-2018-1087). The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (CVE-2018-1092). The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (CVE-2018-1093). The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (CVE-2018-1094). The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image (CVE-2018-1095). Predictable Random Number Generator Weakness (CVE-2018-1108). A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel before v4.16-rc7 allows a local user to cause a denial of service by a number of certain crafted system calls (CVE-2018-1130). The Linux kernel does not properly handle debug exceptions delivered after a stack switch operation via mov SS or pop SS instructions. During the stack switch operation, the exceptions are deferred. As a result, a local user can cause the kernel to crash (CVE-2018-8897). WireGuard has been updated to 0.0.20180420. For other fixes in this update, see the referenced changelogs.