7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
32.0%
This kernel update is based on the upstream 4.14.116 and fixes at least the following security issues: A flaw was found in the Linux kernel’s vfio interface implementation that permits violation of the user’s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (CVE-2019-3882). kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (CVE-2019-7308). The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions (CVE-2019-11486). The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls (CVE-2019-11599). WireGuard has been updated to 0.0.20190406. For other uptstream fixes in this update, see the referenced changelogs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | kernel | < 4.14.116-1 | kernel-4.14.116-1.mga6 |
Mageia | 6 | noarch | kernel-userspace-headers | < 4.14.116-1 | kernel-userspace-headers-4.14.116-1.mga6 |
Mageia | 6 | noarch | kmod-vboxadditions | < 6.0.6-2 | kmod-vboxadditions-6.0.6-2.mga6 |
Mageia | 6 | noarch | kmod-virtualbox | < 6.0.6-2 | kmod-virtualbox-6.0.6-2.mga6 |
Mageia | 6 | noarch | kmod-xtables-addons | < 2.13-84 | kmod-xtables-addons-2.13-84.mga6 |
Mageia | 6 | noarch | wireguard-tools | < 0.0.20190406-1 | wireguard-tools-0.0.20190406-1.mga6 |
bugs.mageia.org/show_bug.cgi?id=24773
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.107
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.108
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.109
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.110
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.111
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.113
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.115
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.116
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
32.0%