MGASA-2015-0450

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2015-0450.html
Import Source
https://advisories.mageia.org/MGASA-2015-0450.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2015-0450
Related
Published
2015-11-19T22:08:19Z
Modified
2015-11-19T21:42:31Z
Summary
Updated kernel packages fix security vulnerabilities
Details

This kernel update is based on upstream 4.1.13 longterm kernel and fixes the following security issues:

The virtnetprobe function in drivers/net/virtionet.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. (CVE-2015-5156)

A guest to host DoS issue was found affecting various hypervisors. In that, a guest can DoS the host by triggering an infinite stream of "alignment check" (#AC) exceptions. This causes the microcode to enter an infinite loop where the core never receives another interrupt. The host kernel panics due to this effect (CVE-2015-5307).

A guest to host DoS issue was found affecting various hypervisors. In that, a guest can DoS the host by triggering an infinite stream of "debug check" (#DB) exceptions. This causes the microcode to enter an infinite loop where the core never receives another interrupt. The host kernel panics due to this effect (CVE-2015-8104).

For other fixes in this update, see the referenced changelog.

References
Credits

Affected packages

Mageia:5 / kmod-broadcom-wl

Package

Name
kmod-broadcom-wl
Purl
pkg:rpm/mageia/kmod-broadcom-wl?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.30.223.271-3.mga5.nonfree

Ecosystem specific 

{
    "section": "nonfree"
}

Mageia:5 / kmod-fglrx

Package

Name
kmod-fglrx
Purl
pkg:rpm/mageia/kmod-fglrx?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.200.1046-7.mga5.nonfree

Ecosystem specific 

{
    "section": "nonfree"
}

Mageia:5 / kmod-nvidia304

Package

Name
kmod-nvidia304
Purl
pkg:rpm/mageia/kmod-nvidia304?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
304.128-3.mga5.nonfree

Ecosystem specific 

{
    "section": "nonfree"
}

Mageia:5 / kmod-nvidia340

Package

Name
kmod-nvidia340
Purl
pkg:rpm/mageia/kmod-nvidia340?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
340.93-3.mga5.nonfree

Ecosystem specific 

{
    "section": "nonfree"
}

Mageia:5 / kmod-nvidia-current

Package

Name
kmod-nvidia-current
Purl
pkg:rpm/mageia/kmod-nvidia-current?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
346.96-3.mga5.nonfree

Ecosystem specific 

{
    "section": "nonfree"
}

Mageia:5 / kernel

Package

Name
kernel
Purl
pkg:rpm/mageia/kernel?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.13-2.mga5

Ecosystem specific 

{
    "section": "core"
}

Mageia:5 / kernel-userspace-headers

Package

Name
kernel-userspace-headers
Purl
pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.13-2.mga5

Ecosystem specific 

{
    "section": "core"
}

Mageia:5 / kmod-xtables-addons

Package

Name
kmod-xtables-addons
Purl
pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-6.mga5

Ecosystem specific 

{
    "section": "core"
}