Updated kernel packages fix security vulnerabilities


This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel (CVE-2019-1125). A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (CVE-2019-3846). An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario (CVE-2019-3900). A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash (CVE-2019-10207). WireGuard has been updated to 0.0.20190702. For other uptstream fixes in this update, see the referenced changelogs.

Affected Package

OS OS Version Package Name Package Version
Mageia 6 kernel 4.14.137-1
Mageia 6 kernel-userspace-headers 4.14.137-1
Mageia 6 kmod-vboxadditions 6.0.10-2
Mageia 6 kmod-virtualbox 6.0.10-2
Mageia 6 kmod-xtables-addons 2.13-90
Mageia 6 wireguard-tools 0.0.20190702-1