Gentoo FoundationMGASA-2019-0220Updated kernel packages fix security vulnerabilities
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
52.7%
This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernelβs implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel (CVE-2019-1125). A flaw was found in the Linux kernelβs Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash (CVE-2019-10207). It also fixes an issue with newer Intel Wireless cards having firmware crashes with newer iwlwifi firmwares (mga#25143) For other uptstream features, changes and fixes in this update, see the referenced changelogs.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | kernel | <Β 5.2.7-1 | kernel-5.2.7-1.mga7 |
| Mageia | 7 | noarch | kernel-userspace-headers | <Β 5.2.7-1 | kernel-userspace-headers-5.2.7-1.mga7 |
| Mageia | 7 | noarch | kmod-virtualbox | <Β 6.0.10-3 | kmod-virtualbox-6.0.10-3.mga7 |
| Mageia | 7 | noarch | kmod-xtables-addons | <Β 3.3-57 | kmod-xtables-addons-3.3-57.mga7 |
| Mageia | 7 | noarch | xtables-addons | <Β 3.3-2 | xtables-addons-3.3-2.mga7 |
| Mageia | 7 | noarch | ldetect-lst | <Β 0.6.3-1 | ldetect-lst-0.6.3-1.mga7 |
References
bugs.mageia.org/show_bug.cgi?id=25143
bugs.mageia.org/show_bug.cgi?id=25240
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.1
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.2
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.3
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.4
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.5
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.6
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-5.2.7
kernelnewbies.org/Linux_5.2
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
52.7%