Lucene search

K
mageiaGentoo FoundationMGASA-2018-0106
HistoryFeb 05, 2018 - 10:12 p.m.

Updated kernel packages fix security vulnerabilities

2018-02-0522:12:45
Gentoo Foundation
advisories.mageia.org
43

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.976

Percentile

100.0%

This kernel update is based on the upstream 4.14.16 and and fixes several security issues. The most important fixes in this update is for the security issue named “Spectre, variant 2 (CVE-2017-5715)” that is partly mitigated by enabling retpoline support. For full retpoline mitigation, kernel needs to be built with a retpoline-aware cpmpiler (something we just added in testing), so next kernel will be built with full retpoline mititgation. For the security issue known as “Spectre, variant 1” there are some lfence bits added but full fix also needs microcode support, and that is something we dont have control over. The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715. To make attacker job harder introduce BPF_JIT_ALWAYS_ON config option that removes interpreter from the kernel in favor of JIT-only mode. This is now enabled by default in Mageia kernels. KVM on x86 gained a memory barrier on vmcs field lookup as part of mitigating Spectre variant 2 (CVE-2017-5753). Other security fixes in this update: Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner (CVE-2017-1000410). The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (CVE-2017-8824). WireGuard has been updated to 0.0.20180118. For other fixes, see the referenced changelogs.

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.976

Percentile

100.0%