{"id":"MGASA-2019-0332","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on the upstream 5.3.11 and fixes at least the \nfollowing security issues:\n\nInsufficient access control in a subsystem for Intel (R) processor graphics\nmay allow an authenticated user to potentially enable escalation of\nprivilege via local access (CVE-2019-0155).\n\nTSX Asynchronous Abort condition on some CPUs utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access\n(CVE-2019-11135).\n\nImproper invalidation for page table updates by a virtual guest operating\nsystem for multiple Intel(R) Processors may allow an authenticated user to\npotentially enable denial of service of the host system via local access\n(CVE-2018-12207). \n\nFor proper mitigations and fixes for theese issues, a microcode update is\nalso needed, either with a bios/uefi update from your hardware vendor or\nby installing the microcode-0.20191112-1.mga7.nonfree update (mga#25688).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T01:48:33.077525207Z","published":"2019-11-19T21:16:53Z","upstream":["CVE-2018-12207","CVE-2019-0155","CVE-2019-11135"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0332.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25686"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25688"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.11-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0332.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.14-6.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0332.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5-9.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0332.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}