Advisories » MGASA-2020-0201

Updated kernel packages fix security vulnerabilities

Publication date: 05 May 2020
Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-12464 , CVE-2020-12659

Description

This update is based on the upstream 5.6.8 kernel and fixes at least
the following security issues:

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before
5.6.8 has a use-after-free because a transfer occurs without a
reference(CVE-2020-12464).

An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg
in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the
CAP_NET_ADMIN capability) because of a lack of headroom validation
(CVE-2020-12659).

Other fixes in this update:
- printk: queue wake_up_klogd irq_work only if per-CPU areas are ready
- Fix use after free in get_tree_bdev()
- propagate_one(): mnt_set_mountpoint() needs mount_lock
- iwlwifi: pcie: handle QuZ configs with killer NICs as well
- Fix building out of tree modules on aarch64 (pterjan)

For other fixes and changes in this update, see the refenced changelogs.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26570
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12464
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12659

SRPMS

7/core

• kernel-5.6.8-1.mga7
• kmod-virtualbox-6.0.20-4.mga7
• kmod-xtables-addons-3.9-2.mga7