{"id":"MGASA-2020-0355","summary":"Updated kernel and kernel-linus packages fix security vulnerabilities","details":"This update is based on the upstream 5.7.19 kernel and fixes at least the\nfollowing security issue:\n\nIn the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem\nimage, performing some operations, and then making a syncfs system call can\nlead to a use-after-free in try_merge_free_space in\nfs/btrfs/free-space-cache.c because the pointer to a left data structure can\nbe the same as the pointer to a right data structure (CVE-2019-19448).\n\nA memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4\nfilesystem, in the way it accesses a directory with broken indexing. This flaw\nallows a local user to crash the system if the directory exists. The highest\nthreat from this vulnerability is to system availability (CVE-2020-14314).\n\nFor other upstream fixes and changes in this update, see the referenced\nchangelogs.\n\nAlso, the wireguard-tools package has been updated to version 1.0.20200827.\n","modified":"2026-01-30T23:19:51.362416Z","published":"2020-08-30T18:45:14Z","related":["CVE-2019-19448","CVE-2020-14314"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0355.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27215"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.15"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.16"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.17"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.18"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.19"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2020-14314"},{"type":"REPORT","url":"https://www.linuxkernelcves.com/cves/CVE-2020-14314"},{"type":"REPORT","url":"https://www.linuxkernelcves.com/cves/CVE-2019-19448"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.7.19-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0355.json"}},{"package":{"name":"kernel-linus","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.7.19-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0355.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.24-5.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0355.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10-3.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0355.json"}},{"package":{"name":"wireguard-tools","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/wireguard-tools?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.20200827-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0355.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}