MGASA-2018-0296

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0296.html

Import Source

https://advisories.mageia.org/MGASA-2018-0296.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0296

Related

Published

2018-06-24T22:02:29Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update is based on the upstream 4.14.50 and fixes at least the following security issues:

In the function sbusfbioctlhelper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAPSPARC and FBIOGETCMAPSPARC commands (CVE-2018-6412).

The kvm functions that were used in the emulation of fxrstor, fxsave, sgdt and sidt were originally meant for task switching, and as such they did not check privilege levels. This allowed guest userspace to guest kernel write (CVE-2018-10853).

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL (CVE-2018-12904).

WireGuard has been updated to 0.0.20180613.

For other fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.50-2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.50-2.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.12-6.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.12-6.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-42.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / wireguard-tools

Package

Name: wireguard-tools
Purl: pkg:rpm/mageia/wireguard-tools?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.20180613-1.mga6

Ecosystem specific

{
    "section": "core"
}