Advisories » MGASA-2018-0391

Updated kernel packages fix security vulnerabilities

Publication date: 22 Sep 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-5391, CVE-2018-14641, CVE-2018-17182


This kernel update is based on upstream 4.14.70 and adds further fixes
for the L1TF security issues. It also fixes at least the following
security issues:

The Linux kernel, from version 3.9 onward, is vulnerable to a denial of
service attack using a low rate of specially modified packets that target
IP fragment reassembly. An attacker can cause a denial of service by
sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack).

A security flaw was found in the ip_frag_reasm() function in
net/ipv4/ip_fragment.c in the Linux kernel, introduced by the fixes for
CVE-2018-5391, which can cause a later system crash in ip_do_fragment().
With certain non-default, but not rare, configurations of a victim host,
an attacker can trigger this crash remotely, leading to a remote
denial of service (CVE-2018-14641).

An issue was discovered in the Linux kernel through 4.18.8. The
vmacache_flush_all function in mm/vmacache.c mishandles sequence number
overflows. An attacker can trigger a use-after-free (and possibly gain
privileges) via certain thread creation, map, unmap, invalidation, and
dereference operations (CVE-2018-17182).
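As an added example (not part of the Mageia advisory), the following Python check classifies a kernel release string against the 4.14.70 base this update is built on. It assumes Mageia-style release strings such as "4.14.70-desktop-1.mga6" (assumed format) and compares only the leading dotted version. Because distribution kernels backport fixes, a release outside the 4.14 stable series is reported as "unknown" rather than guessed at; on a Mageia host the authoritative check remains the installed package version reported by rpm.

```python
#!/usr/bin/env python3
"""Classify a kernel release string against the 4.14.70 base of
MGASA-2018-0391.

Added example, not part of the Mageia advisory. Assumed input format:
Mageia kernel releases such as "4.14.70-desktop-1.mga6" (version, flavour,
build, distro tag). Only the leading dotted version is compared.
"""
import platform
import re

# Upstream base of this update, taken from the advisory text.
BASE_SERIES = (4, 14)
BASE_PATCH = 70

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?P<rest>.*)$")


def parse_release(release):
    """Split "4.14.70-desktop-1.mga6" into ((4, 14), 70, "-desktop-1.mga6").

    A missing third component (e.g. "4.18-rc1") counts as patch level 0.
    Raises ValueError if the string does not start with a dotted version.
    """
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    series = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    return series, patch, m.group("rest")


def classify(release):
    """Return "updated", "older" or "unknown" for a kernel release string.

    "updated": same stable series as the advisory base and patch >= 70.
    "older":   same stable series but an earlier patch level.
    "unknown": a different series. Version numbers alone cannot say whether
               a distro kernel carries backported fixes, so check rpm instead.
    """
    series, patch, _rest = parse_release(release)
    if series != BASE_SERIES:
        return "unknown"
    return "updated" if patch >= BASE_PATCH else "older"


# Constructed sample release strings for offline use (not from a real host).
SAMPLE_RELEASES = [
    "4.14.69-desktop-1.mga6",   # pre-update Mageia 6 kernel  -> older
    "4.14.70-desktop-1.mga6",   # this update's base          -> updated
    "4.14.71-server-1.mga6",    # a later 4.14.y              -> updated
    "4.9.110-desktop-1.mga6",   # different stable series     -> unknown
    "4.18.8",                   # newer series, not 4.14.y    -> unknown
]


def report(releases=None):
    """Return {release: verdict} for the given (or sample) release strings."""
    releases = SAMPLE_RELEASES if releases is None else releases
    return {r: classify(r) for r in releases}


if __name__ == "__main__":
    # On a real host, classify the running kernel first, then the samples.
    running = platform.release()
    print("running kernel %-24s %s" % (running, classify(running)))
    for rel, verdict in report().items():
        print("sample  kernel %-24s %s" % (rel, verdict))
```

The "unknown" verdict is deliberate: a 4.18.8 kernel sorts above 4.14.70 but is exactly the range the CVE-2018-17182 description covers, so a plain numeric comparison would give false comfort. Within one stable series, a patch level at or above the base is a reasonable signal that the update is installed.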

Other fixes in this update:
* drm: fix use of freed memory in drm_mode_setcrtc
* drm/i915: Apply the GTT write flush for all !llc machines
* net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC
  (fixes a kernel crash)
* pinctrl/amd: only handle irq if it is pending and unmasked
  (a possible real fix for the interrupt storm on Ryzen platforms)

For other upstream fixes in this update, see the referenced changelog.