{"id":"MGASA-2019-0221","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on the upstream 4.14.137 and fixes at least\nthe following security issues:\n\nA Spectre SWAPGS gadget was found in the Linux kernel's implementation of\nsystem interrupts. An attacker with local access could use this information\nto reveal private data through a Spectre like side channel (CVE-2019-1125).\n\nA flaw that allowed an attacker to corrupt memory and possibly escalate\nprivileges was found in the mwifiex kernel module while connecting to a\nmalicious wireless network (CVE-2019-3846). \n\nAn infinite loop issue was found in the vhost_net kernel module in Linux\nKernel up to and including v5.1-rc6, while handling incoming packets in\nhandle_rx(). It could occur if one end sends packets faster than the other\nend can process them. A guest user, maybe remote one, could use this flaw\nto stall the vhost_net kernel thread, resulting in a DoS scenario\n(CVE-2019-3900). \n\nA flaw was found in the Linux kernel’s Bluetooth implementation of UART.\nAn attacker with local access and write permissions to the Bluetooth\nhardware could use this flaw to issue a specially crafted ioctl function\ncall and cause the system to crash (CVE-2019-10207).\n\nWireGuard has been updated to 0.0.20190702.\n\nFor other uptstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T00:09:29.789063522Z","published":"2019-08-12T21:08:18Z","upstream":["CVE-2019-10207","CVE-2019-1125","CVE-2019-3846","CVE-2019-3900"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0221.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25239"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.132"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.133"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.135"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.136"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.137"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.137-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0221.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.137-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0221.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.10-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0221.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.10-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0221.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13-90.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0221.json"}},{"package":{"name":"wireguard-tools","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wireguard-tools?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0.20190702-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0221.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}