Lucene search

K
mageiaGentoo FoundationMGASA-2018-0249
HistoryMay 18, 2018 - 6:27 p.m.

Updated kernel packages fix security vulnerabilities

2018-05-1818:27:18
Gentoo Foundation
advisories.mageia.org
38

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.8%

This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues: On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a #DB instruction was caused by the undocumented ICEBP instruction. This results in #DB being delivered to the guest kernel with an incorrect RIP on the stack. On most guest kernels, this will allow a guest user to DoS the guest kernel or even to escalate privilege to that of the guest kernel (CVE-2018-1087). The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (CVE-2018-1092). The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (CVE-2018-1093). The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (CVE-2018-1094). The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image (CVE-2018-1095). Predictable Random Number Generator Weakness (CVE-2018-1108). A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel before v4.16-rc7 allows a local user to cause a denial of service by a number of certain crafted system calls (CVE-2018-1130). The Linux kernel does not properly handle debug exceptions delivered after a stack switch operation via mov SS or pop SS instructions. During the stack switch operation, the exceptions are deferred. As a result, a local user can cause the kernel to crash (CVE-2018-8897). WireGuard has been updated to 0.0.20180420. For other fixes in this update, see the referenced changelogs.

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.8%