Advisories ยป MGASA-2020-0201

Updated kernel packages fix security vulnerabilities

Publication date: 05 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-12464 , CVE-2020-12659


This update is based on the upstream 5.6.8 kernel and fixes at least
the following security issues:

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before
5.6.8 has a use-after-free because a transfer occurs without a

An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg
in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the
CAP_NET_ADMIN capability) because of a lack of headroom validation

Other fixes in this update:
- printk: queue wake_up_klogd irq_work only if per-CPU areas are ready
- Fix use after free in get_tree_bdev()
- propagate_one(): mnt_set_mountpoint() needs mount_lock
- iwlwifi: pcie: handle QuZ configs with killer NICs as well
- Fix building out of tree modules on aarch64 (pterjan)

For other fixes and changes in this update, see the refenced changelogs.