9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.017 Low
EPSS
Percentile
87.5%
This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out (CVE-2019-3016). A heap-based buffer overflow vulnerability was found in the Linux kernel, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (CVE-2019-14896). A stack-based buffer overflow was found in the Linux kernel, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (CVE-2019-14897). fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed (CVE-2020-8428). arm64/KVM debug registers vulnerability affecting systems with an ARMv8.1 or later CPU (with the Virtualisation Host Extensions). The implications are that a guest, for a brief period, may be able to read event counters belonging to the host or potentially trigger perf-related IRQs in the host (no CVE assigned yet). There is also various fixes for crashing or hanging the kernel by malicious users or devices. Other additional fixes and features in this update: - WireGuard kernel module has been updated to 0.0.20200128 and the tools has been updated to 1.0.20200121. - platform/x86: asus_wmi: Support throttle thermal policy, and set to default to avoid overheating and throttling - hwmon/k10temp: Support for additional temperature sensors as well as voltage and current telemetry for Zen CPUs - hid: add Amd Sensor Fusion Hub Driver - e1000e: Revert “e1000e: Make watchdog use delayed work” as it causes issues on some systems - e1000e: Add support for Comet Lake and Tiger Lake - x86/timer: Don’t skip PIT setup when APIC is disabled or in legacy mode (fixing PIT not being setup on some systems) - cifs: fix soft mounts hanging in the reconnect code - move kernel preun bits to postun to fix grub2 menu cleanup on kernel uninstall (mga#16268) For other upstream fixes in this update, see the referenced changelogs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | kernel | < 5.4.17-1 | kernel-5.4.17-1.mga7 |
Mageia | 7 | noarch | kmod-virtualbox | < 6.0.16-3 | kmod-virtualbox-6.0.16-3.mga7 |
Mageia | 7 | noarch | kmod-xtables-addons | < 3.7-13 | kmod-xtables-addons-3.7-13.mga7 |
Mageia | 7 | noarch | wireguard-tools | < 1.0.20200121-1 | wireguard-tools-1.0.20200121-1.mga7 |
bugs.mageia.org/show_bug.cgi?id=16268
bugs.mageia.org/show_bug.cgi?id=26152
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.13
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.15
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.017 Low
EPSS
Percentile
87.5%