{
  "schema_version": "1.7.0",
  "id": "MGASA-2020-0041",
  "published": "2020-01-17T10:16:50Z",
  "modified": "2022-02-17T18:21:47Z",
  "summary": "Updated kernel packages fix security vulnerabilities",
  "details": "This update is based on upstream 5.4.12 and fixes at least the following\nsecurity vulnerabilities:\n\nIntel GPU Hardware prior to Gen11 does not clear EU state during a\ncontext switch. This can result in information leakage between\ncontexts (CVE-2019-14615).\n\nA heap-based buffer overflow was discovered in the Marvell WiFi chip\ndriver. The flaw could occur when the station attempts a connection\nnegotiation during the handling of the remote devices country settings.\nThis could allow the remote device to cause a denial of service (system\ncrash) or possibly execute arbitrary code (CVE-2019-14895).\n\nFor other fixes in this update, see the referenced changelogs.\n",
  "upstream": [
    "CVE-2019-14615",
    "CVE-2019-14895"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2020-0041.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=26078"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.11"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:7",
        "name": "kernel",
        "purl": "pkg:rpm/mageia/kernel?arch=source&distro=mageia-7"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.4.12-1.mga7"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:7",
        "name": "kmod-virtualbox",
        "purl": "pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-7"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.14-20.mga7"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:7",
        "name": "kmod-xtables-addons",
        "purl": "pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-7"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.7-10.mga7"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}