{"id":"MGASA-2018-0076","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on the upstream 4.14.13 and fixes\nseveral security issues.\n\nThe most important fix in this update is for the security issue named\n\"Meltdown\" that is fixed in these kernels by enabling kernel Page\nTable Isolation (KPTI). Note that according to AMD, this issue does\nnot affect AMD processors, so KPTI is not enabled by default on systems\nusing AMD CPUs.\n\nThe list of known security fixes and mitigations in this kernel:\n\nkvm: vmx: Scrub hardware GPRs at VM-exit. This enables partial mitigation\nin kvm for the security issue named \"Spectre\" (CVE-2017-5715, CVE-2017-5753).\n\nSystems with microprocessors utilizing speculative execution and indirect\nbranch prediction may allow unauthorized disclosure of information to an\nattacker with local user access via a side-channel analysis of the data\ncache (CVE-2017-5754, \"Meltdown\").\n\nA use-after-free vulnerability was found in network namespaces code\naffecting the Linux kernel before 4.14.11. The function get_net_ns_by_id()\nin net/core/net_namespace.c does not check for the net::count value after\nit has found a peer network in netns_ids idr, which could lead to double\nfree and memory corruption. This vulnerability could allow an unprivileged\nlocal user to induce kernel memory corruption on the system, leading to a\ncrash. Due to the nature of the flaw, privilege escalation cannot be fully\nruled out, although it is thought to be unlikely (CVE-2017-15129).\n\nThe KVM implementation in the Linux kernel through 4.14.7 allows attackers\nto obtain potentially sensitive information from kernel memory, aka a\nwrite_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c\nand include/trace/events/kvm.h (CVE-2017-17741).\n\nThe kernels are also fixed to allow loading CPU microcode for AMD\nfamily 17 (Zen) processors, and dracut has been fixed to properly\nsupport early firmware loading of the microcode on all AMD CPUs.\n\nFor more info about Meltdown, Spectre and other fixes in this update,\nsee the references.\n","modified":"2026-03-25T17:45:24.847744Z","published":"2018-01-13T14:28:36Z","related":["CVE-2017-15129","CVE-2017-17741","CVE-2017-5715","CVE-2017-5753","CVE-2017-5754"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0076.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22334"},{"type":"REPORT","url":"https://meltdownattack.com/"},{"type":"REPORT","url":"https://googleprojectzero.blogspot.fi/2018/01/reading-privileged-memory-with-side.html"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.12"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13"}],"affected":[{"package":{"name":"dracut","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/dracut?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"044-11.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0076.json"}},{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.13-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0076.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.13-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0076.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.2-7.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0076.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.2-7.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0076.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13-10.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0076.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}