VDB

GCVE-110-MAGEIA-2020-36

GCVE-110-MAGEIA-2020-36
Advisory Published
Vulnetix · Advisory published January 13, 2020
This update is based on upstream 5.4.10 and fixes at least the following security issues: ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. (CVE-2019-19037) It also fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. Other fixes added in this update: - Revert 'drm/amdgpu: Set no-retry as default.', fixing amdgpu hang on Raven Ridge gpus (mga#25882) - drm/i915/gt: Detect if we miss WaIdleLiteRestore, fixes or at least works around gpu hang (mga#25930) - 3rdparty/rtl8812au: update to v5.6.4.2 (mga#25982) - add support for RTL8117 ethernet - rtl8xxxu: Add support for Edimax EW-7611ULB - mountpoint_last(): fix the treatment of LAST_BIND - HID: intel-ish-hid: ipc: Add Comet Lake H PCI device ID - HID: intel-ish-hid: ipc: Add Tiger Lake PCI device ID - HID: wacom: Recognize new MobileStudio Pro PID - updates to the arm64 defconfigs: - Enable some EFI stuff on arm64 (mga#26003) - Enable a lot of missing things on arm64 kernels (including ACPI and Amazon network driver) - Disable debug info on arm64 (mga#26015) - reduce difference between arm64 and x86_64 defconfigs WireGuard kernel module has been updated to 0.0.20200105 and the tools has been updated to 1.0.20200102. For other fixes in this update, see the referenced changelogs.

Affected Products

VendorProductVersionsPlatforms
Mageiakmod-xtables-addons0 (affected), 3.7-8.mga7 (unaffected), 0 (affected), 3.7-8.mga7 (unaffected)
Mageiakernel0 (affected), 5.4.10-1.mga7 (unaffected), 0 (affected), 5.4.10-1.mga7 (unaffected)
Mageiawireguard-tools1.0.20200102-1.mga7 (unaffected), 0 (affected), 0 (affected), 1.0.20200102-1.mga7 (unaffected)
Mageianss0 (affected), 3.49.2-1.mga7 (unaffected)
Mageiafirefox68.4.2-3.mga7 (unaffected), 0 (affected)
Mageiafirefox-l10n0 (affected), 68.4.2-1.mga7 (unaffected)
Mageiakmod-virtualbox0 (affected), 6.0.14-18.mga7 (unaffected), 0 (affected), 6.0.14-18.mga7 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›