Updated kernel packages fix security vulnerabilities
Publication date: 12 Aug 2019Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-1125 , CVE-2019-3846 , CVE-2019-3900 , CVE-2019-10207
Description
This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel (CVE-2019-1125). A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (CVE-2019-3846). An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario (CVE-2019-3900). A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash (CVE-2019-10207). WireGuard has been updated to 0.0.20190702. For other uptstream fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=25239
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.132
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.133
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.135
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.136
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207
SRPMS
6/core
- kernel-4.14.137-1.mga6
- kernel-userspace-headers-4.14.137-1.mga6
- kmod-vboxadditions-6.0.10-2.mga6
- kmod-virtualbox-6.0.10-2.mga6
- kmod-xtables-addons-2.13-90.mga6
- wireguard-tools-0.0.20190702-1.mga6