Updated kernel packages fix security vulnerabilities
Publication date: 19 Nov 2019Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-0155 , CVE-2019-11135 , CVE-2018-12207
Description
This kernel update is based on the upstream 5.3.11 and fixes at least the
following security issues:
Insufficient access control in a subsystem for Intel (R) processor graphics
may allow an authenticated user to potentially enable escalation of
privilege via local access (CVE-2019-0155).
TSX Asynchronous Abort condition on some CPUs utilizing speculative
execution may allow an authenticated user to potentially enable
information disclosure via a side channel with local access
(CVE-2019-11135).
Improper invalidation for page table updates by a virtual guest operating
system for multiple Intel(R) Processors may allow an authenticated user to
potentially enable denial of service of the host system via local access
(CVE-2018-12207).
For proper mitigations and fixes for theese issues, a microcode update is
also needed, either with a bios/uefi update from your hardware vendor or
by installing the microcode-0.20191112-1.mga7.nonfree update (mga#25688).
For other upstream fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=25686
- https://bugs.mageia.org/show_bug.cgi?id=25688
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207
SRPMS
7/core
- kernel-5.3.11-1.mga7
- kmod-virtualbox-6.0.14-6.mga7
- kmod-xtables-addons-3.5-9.mga7