7.4 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
6.1 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
0.974 High
EPSS
Percentile
99.9%
This kernel-linus update provides the upstream 4.4.111 and and fixes several security issues. The most important fix in this update is for the security issue named âMeltdownâ that is fixed in theese kernels by enabling kernel Page Table Isolation (KTPI). Note that according to AMD, this issue does not effect Amd processors, so it is not enabled by default on systems using Amd CPU. The list of known security fixes and mitigations in this kernel: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache (CVE-2017-5754, âMeltdownâ). A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (CVE-2017-15129). The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (CVE-2017-1000407). The kernels are also fixed to allow loading cpu microcode for Amd family 17 (Zen) processors. For more info about Meltdown, Spectre and other fixes in this update, see the refences.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | kernel-linus | <Â 4.4.111-1 | kernel-linus-4.4.111-1.mga5 |
bugs.mageia.org/show_bug.cgi?id=22333
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.106
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.108
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.109
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.110
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.111
googleprojectzero.blogspot.fi/2018/01/reading-privileged-memory-with-side.html
meltdownattack.com/
7.4 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
6.1 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
0.974 High
EPSS
Percentile
99.9%