MGASA-2020-0227

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0227.html

Import Source

https://advisories.mageia.org/MGASA-2020-0227.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0227

Related

Published

2020-05-24T18:04:47Z

Modified

2022-02-17T18:21:47Z

Summary

Updated kernel packages fix security vulnerability

Details

This update is based on the upstream 5.6.14 kernel and fixes at least the following security issues:

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmapnetlblimport' routine. While processing the CIPSO restricted bitmap tag in the 'cipsov4parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service (CVE-2020-10711).

An issue was discovered in the Linux kernel through 5.6.11. sgwrite lacks an sgremove_request call in a certain failure case (CVE-2020-12770).

gadgetdevdescUDCstore in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read (CVE-2020-13143).

Other fixes in this update: - KVM: x86: only do L1TF workaround on affected processors (this now correctly excludes non-affected AMD Ryzen and EPYC processors) - add Amd Renoir detection to amd_nb, hwmon (k10temp) and EDAC - additional fixes to the integrated virtualbox support for better interaction with virtualbox.org releases - ndiswrapper has been updated to 1.63 - wireguard-tools have been updated to 1.0.20200513

For other upstream fixes and changes in this update, see the refenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / kernel

Package

Name: kernel
Purl: pkg:rpm/mageia/kernel?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.14-2.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.20-6.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / kmod-xtables-addons

Package

Name: kmod-xtables-addons
Purl: pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9-4.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / ndiswrapper

Package

Name: ndiswrapper
Purl: pkg:rpm/mageia/ndiswrapper?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.63-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / wireguard-tools

Package

Name: wireguard-tools
Purl: pkg:rpm/mageia/wireguard-tools?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.20200513-1.mga7

Ecosystem specific

{
    "section": "core"
}