MGASA-2018-0249

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0249.html

Import Source

https://advisories.mageia.org/MGASA-2018-0249.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0249

Related

Published

2018-05-18T15:27:18Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerabilities

Details

This kernel update is based on the upstream 4.14.40 and fixes at least the following security issues:

On x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a #DB instruction was caused by the undocumented ICEBP instruction. This results in #DB being delivered to the guest kernel with an incorrect RIP on the stack. On most guest kernels, this will allow a guest user to DoS the guest kernel or even to escalate privilege to that of the guest kernel (CVE-2018-1087).

The ext4iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero ilinkscount, which allows attackers to cause a denial of service (ext4processfreeddata NULL pointer dereference and OOPS) via a crafted ext4 image (CVE-2018-1092).

The ext4validblock_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (CVE-2018-1093).

The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4xattrinode_hash NULL pointer dereference and system crash) via a crafted ext4 image (CVE-2018-1094).

The ext4xattrcheckentries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (getacl NULL pointer dereference and system crash) via a crafted ext4 image (CVE-2018-1095).

Predictable Random Number Generator Weakness (CVE-2018-1108).

A null pointer dereference in dccpwritexmit() function in net/dccp/output.c in the Linux kernel before v4.16-rc7 allows a local user to cause a denial of service by a number of certain crafted system calls (CVE-2018-1130).

The Linux kernel does not properly handle debug exceptions delivered after a stack switch operation via mov SS or pop SS instructions. During the stack switch operation, the exceptions are deferred. As a result, a local user can cause the kernel to crash (CVE-2018-8897).

WireGuard has been updated to 0.0.20180420.

For other fixes in this update, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.40-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kernel-userspace-headers

Package

Name: kernel-userspace-headers
Purl: pkg:rpm/mageia/kernel-userspace-headers?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.40-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.8-14.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.8-14.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13-34.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / wireguard-tools

Package

Name: wireguard-tools
Purl: pkg:rpm/mageia/wireguard-tools?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.20180420-1.mga6

Ecosystem specific

{
    "section": "core"
}