{"id":"MGASA-2020-0158","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This update is based on upstream 5.5.15 and fixes at least the following\nsecurity vulnerabilities:\n\nIn the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the\n__blk_add_trace function in kernel/trace/blktrace.c (which is used to\nfill out a blk_io_trace structure and place it in a per-cpu sub-buffer)\n(CVE-2019-19768).\n\nIn the Linux kernel 5.3.10, there is a use-after-free (read) in the\nperf_trace_lock_acquire function (related to include/trace/events/lock.h)\n(CVE-2019-19769).\n\nA flaw was found in the way KVM hypervisor handled instruction emulation\nfor the L2 guest when nested(=1) virtualization is enabled. In the\ninstruction emulation, the L2 guest could trick the L0 hypervisor into\naccessing sensitive bits of the L1 hypervisor. An L2 guest could use this\nflaw to potentially access information of the L1 hypervisor\n(CVE-2020-2732).\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2\nin the vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647).\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2\nin the n_tty_receive_buf_common function in drivers/tty/n_tty.c\n(CVE-2020-8648).\n\nManfred Paul discovered that the bpf verifier in the Linux kernel did not\nproperly calculate register bounds for certain operations. A local attacker\ncould use this to expose sensitive information (kernel memory) or gain\nadministrative privileges (CVE-2020-8835).\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2\nin the vgacon_invert_region function in drivers/video/console/vgacon.c. \n(CVE-2020-8649).\n\nAn issue was discovered in the Linux kernel through 5.5.6. set_fdc in\ndrivers/block/floppy.c leads to a wait_til_ready out-of-bounds read\nbecause the FDC index is not checked for errors before assigning it,\naka CID-2e90ca68b0d2 (CVE-2020-9383).\n\nAn issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6\non the AArch64 architecture. It ignores the top byte in the address\npassed to the brk system call, potentially moving the memory break\ndownwards when the application expects it to move upwards, aka CID-\ndcde237319e6. This has been observed to cause heap corruption with\nthe GNU C Library malloc implementation (CVE-2020-9391).\n\nSecurity fixes and hardenings to the mac00211 layer to prevent leaking keys\nand frames.\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-01-30T22:16:36.939748Z","published":"2020-04-03T22:53:32Z","related":["CVE-2019-19768","CVE-2019-19769","CVE-2020-2732","CVE-2020-8647","CVE-2020-8648","CVE-2020-8649","CVE-2020-8835","CVE-2020-9383","CVE-2020-9391"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0158.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26426"},{"type":"REPORT","url":"https://kernelnewbies.org/Linux_5.5"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.1"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.2"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.3"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.5"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.6"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.12"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.13"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.14"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.15"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.15-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0158.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}