7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
51.2%
This kernel update is based on the upstream 4.14.50 and fixes at least the following security issues: In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands (CVE-2018-6412). The kvm functions that were used in the emulation of fxrstor, fxsave, sgdt and sidt were originally meant for task switching, and as such they did not check privilege levels. This allowed guest userspace to guest kernel write (CVE-2018-10853). In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL (CVE-2018-12904). WireGuard has been updated to 0.0.20180613. For other fixes in this update, see the referenced changelogs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | kernel | < 4.14.50-2 | kernel-4.14.50-2.mga6 |
Mageia | 6 | noarch | kernel-userspace-headers | < 4.14.50-2 | kernel-userspace-headers-4.14.50-2.mga6 |
Mageia | 6 | noarch | kmod-vboxadditions | < 5.2.12-6 | kmod-vboxadditions-5.2.12-6.mga6 |
Mageia | 6 | noarch | kmod-virtualbox | < 5.2.12-6 | kmod-virtualbox-5.2.12-6.mga6 |
Mageia | 6 | noarch | kmod-xtables-addons | < 2.13-42 | kmod-xtables-addons-2.13-42.mga6 |
Mageia | 6 | noarch | wireguard-tools | < 0.0.20180613-1 | wireguard-tools-0.0.20180613-1.mga6 |
bugs.mageia.org/show_bug.cgi?id=23193
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.45
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.46
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.47
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.48
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.49
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.50
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
51.2%