7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
45.5%
This update is based on the upstream 5.7.19 kernel and fixes at least the following security issue: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure (CVE-2019-19448). A memory out-of-bounds read flaw was found in the Linux kernel’s ext3/ext4 filesystem, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability (CVE-2020-14314). For other upstream fixes and changes in this update, see the referenced changelogs. Also, the wireguard-tools package has been updated to version 1.0.20200827.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | kernel | < 5.7.19-1 | kernel-5.7.19-1.mga7 |
Mageia | 7 | noarch | kernel-linus | < 5.7.19-1 | kernel-linus-5.7.19-1.mga7 |
Mageia | 7 | noarch | kmod-virtualbox | < 6.0.24-5 | kmod-virtualbox-6.0.24-5.mga7 |
Mageia | 7 | noarch | kmod-xtables-addons | < 3.10-3 | kmod-xtables-addons-3.10-3.mga7 |
Mageia | 7 | noarch | wireguard-tools | < 1.0.20200827-1 | wireguard-tools-1.0.20200827-1.mga7 |
access.redhat.com/security/cve/CVE-2020-14314
bugs.mageia.org/show_bug.cgi?id=27215
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.15
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.16
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.17
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.18
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.19
www.linuxkernelcves.com/cves/CVE-2019-19448
www.linuxkernelcves.com/cves/CVE-2020-14314
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
45.5%