{"id":"MGASA-2020-0201","summary":"Updated kernel packages fix security vulnerabilities","details":"This update is based on the upstream 5.6.8 kernel and fixes at least\nthe following security issues:\n\nusb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before\n5.6.8 has a use-after-free because a transfer occurs without a\nreference(CVE-2020-12464).\n\nAn issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg\nin net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the\nCAP_NET_ADMIN capability) because of a lack of headroom validation\n(CVE-2020-12659).\n\nOther fixes in this update:\n- printk: queue wake_up_klogd irq_work only if per-CPU areas are ready\n- Fix use after free in get_tree_bdev()\n- propagate_one(): mnt_set_mountpoint() needs mount_lock\n- iwlwifi: pcie: handle QuZ configs with killer NICs as well\n- Fix building out of tree modules on aarch64 (pterjan)\n\nFor other fixes and changes in this update, see the refenced changelogs.\n","modified":"2026-04-16T00:12:30.165707860Z","published":"2020-05-05T12:20:37Z","upstream":["CVE-2020-12464","CVE-2020-12659"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0201.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26570"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.6.8-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0201.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.20-4.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0201.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9-2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0201.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}