VDB
GCVE-110-MAGEIA-2019-221
GCVE-110-MAGEIA-2019-221
Advisory Published
This kernel update is based on the upstream 4.14.137 and fixes at least
the following security issues:
A Spectre SWAPGS gadget was found in the Linux kernel's implementation of
system interrupts. An attacker with local access could use this information
to reveal private data through a Spectre like side channel (CVE-2019-1125).
A flaw that allowed an attacker to corrupt memory and possibly escalate
privileges was found in the mwifiex kernel module while connecting to a
malicious wireless network (CVE-2019-3846).
An infinite loop issue was found in the vhost_net kernel module in Linux
Kernel up to and including v5.1-rc6, while handling incoming packets in
handle_rx(). It could occur if one end sends packets faster than the other
end can process them. A guest user, maybe remote one, could use this flaw
to stall the vhost_net kernel thread, resulting in a DoS scenario
(CVE-2019-3900).
A flaw was found in the Linux kernel’s Bluetooth implementation of UART.
An attacker with local access and write permissions to the Bluetooth
hardware could use this flaw to issue a specially crafted ioctl function
call and cause the system to crash (CVE-2019-10207).
WireGuard has been updated to 0.0.20190702.
For other uptstream fixes in this update, see the referenced changelogs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | kernel-userspace-headers | 0 (affected), 4.14.137-1.mga6 (unaffected), 4.14.137-1.mga6 (unaffected), 0 (affected) | — |
| Mageia | kernel | 0 (affected), 0 (affected), 4.14.137-1.mga6 (unaffected), 4.14.137-1.mga6 (unaffected) | — |
| Mageia | plasma-workspace | 0 (affected), 5.15.4-1.1.mga7 (unaffected) | — |
| Mageia | kmod-virtualbox | 0 (affected), 6.0.10-2.mga6 (unaffected), 0 (affected), 6.0.10-2.mga6 (unaffected) | — |
| Mageia | wireguard-tools | 0 (affected), 0.0.20190702-1.mga6 (unaffected), 0 (affected), 0.0.20190702-1.mga6 (unaffected) | — |
| Mageia | kmod-xtables-addons | 0 (affected), 2.13-90.mga6 (unaffected), 0 (affected), 2.13-90.mga6 (unaffected) | — |
| Mageia | kmod-vboxadditions | 0 (affected), 6.0.10-2.mga6 (unaffected), 0 (affected), 6.0.10-2.mga6 (unaffected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.