{"id":"MGASA-2018-0249","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on the upstream 4.14.40 and fixes at least\nthe following security issues:\n\nOn x86, MOV SS and POP SS behave strangely if they encounter a data\nbreakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that\na #DB instruction was caused by the undocumented ICEBP instruction. This\nresults in #DB being delivered to the guest kernel with an incorrect RIP\non the stack. On most guest kernels, this will allow a guest user to DoS\nthe guest kernel or even to escalate privilege to that of the guest kernel\n(CVE-2018-1087).\n\nThe ext4_iget function in fs/ext4/inode.c in the Linux kernel through\n4.15.15 mishandles the case of a root directory with a zero i_links_count,\nwhich allows attackers to cause a denial of service (ext4_process_freed_data\nNULL pointer dereference and OOPS) via a crafted ext4 image (CVE-2018-1092).\n\nThe ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel\nthrough 4.15.15 allows attackers to cause a denial of service (out-of-bounds\nread and system crash) via a crafted ext4 image because balloc.c and ialloc.c\ndo not validate bitmap block numbers (CVE-2018-1093).\n\nThe ext4_fill_super function in fs/ext4/super.c in the Linux kernel through\n4.15.15 does not always initialize the crc32c checksum driver, which allows\nattackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer\ndereference and system crash) via a crafted ext4 image (CVE-2018-1094).\n\nThe ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel\nthrough 4.15.15 does not properly validate xattr sizes, which causes\nmisinterpretation of a size as an error code, and consequently allows\nattackers to cause a denial of service (get_acl NULL pointer dereference and\nsystem crash) via a crafted ext4 image (CVE-2018-1095).\n\nPredictable Random Number Generator Weakness (CVE-2018-1108).\n\nA null pointer dereference in dccp_write_xmit() function in\nnet/dccp/output.c in the Linux kernel before v4.16-rc7 allows a local\nuser to cause a denial of service by a number of certain crafted\nsystem calls (CVE-2018-1130).\n\nThe Linux kernel does not properly handle debug exceptions delivered after a\nstack switch operation via mov SS or pop SS instructions. During the stack\nswitch operation, the exceptions are deferred. As a result, a local user can\ncause the kernel to crash (CVE-2018-8897).\n\nWireGuard has been updated to 0.0.20180420.\n\nFor other fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T01:47:39.911001695Z","published":"2018-05-18T15:27:18Z","upstream":["CVE-2018-1087","CVE-2018-1092","CVE-2018-1093","CVE-2018-1094","CVE-2018-1095","CVE-2018-1108","CVE-2018-1130","CVE-2018-8897"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0249.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22909"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.31"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.32"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.33"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.34"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.35"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.36"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.37"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.38"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.39"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.40"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.40-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0249.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.40-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0249.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.8-14.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0249.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.8-14.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0249.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13-34.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0249.json"}},{"package":{"name":"wireguard-tools","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wireguard-tools?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0.20180420-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0249.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}