Lucene search

K
mageiaGentoo FoundationMGASA-2018-0134
HistoryFeb 23, 2018 - 8:14 p.m.

Updated kernel packages fix security vulnerabilities

2018-02-2320:14:35
Gentoo Foundation
advisories.mageia.org
36

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.975

Percentile

100.0%

This kernel update is based on the upstream 4.14.20 and and adds KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86. Arm platorm has now also addedmitigations for Meltdown (CVE-2017-5754) and Spectre, variant 2 (CVE-2017-5715). For other fixes in this update, read the referenced changelogs.

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.975

Percentile

100.0%