Updated kernel and kernel-linus packages fix security vulnerabilitiesPublication date: 30 Aug 2020
Affected Mageia releases : 7
CVE: CVE-2019-19448 , CVE-2020-14314
This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure (CVE-2019-19448). A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 filesystem, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability (CVE-2020-14314). For other upstream fixes and changes in this update, see the referenced changelogs. Also, the wireguard-tools package has been updated to version 1.0.20200827.