| Beschreibung: | Summary:
The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2018-0063 advisory.
Vulnerability Insight:
This kernel-tmb update provides an upgrade to the 4.14 longterm branch,
currently based on 4.14.10. It also fixes at least the following
security issues:
An elevation of privilege vulnerability in the Broadcom wi-fi driver
(CVE-2017-0786).
Use-after-free vulnerability in the snd_pcm_info function in the ALSA
subsystem in the Linux kernel allows attackers to gain privileges via
unspecified vectors (CVE-2017-0861).
Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM)
support is vulnerable to an incorrect debug exception(#DB) error. It
could occur while emulating a syscall instruction. A user/process
inside guest could use this flaw to potentially escalate their
privileges inside guest. Linux guests are not affected.(CVE-2017-7518).
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested
virtualisation is used, does not properly traverse guest pagetable
entries to resolve a guest virtual address, which allows L1 guest OS
users to execute arbitrary code on the host OS or cause a denial of
service (incorrect index during page walking, and host OS crash), aka
an 'MMU potential stack buffer overrun' (CVE-2017-12188).
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the
Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O
vector has small consecutive buffers belonging to the same page. The
bio_add_pc_page function merges them into one, but the page reference
is never dropped. This causes a memory leak and possible system lockup
(exploitable against the host OS by a guest OS user, if a SCSI disk is
passed through to a virtual machine) due to an out-of-memory condition
(CVE-2017-12190).
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c
in the Linux kernel before 4.13.11 mishandles node splitting, which allows
local users to cause a denial of service (NULL pointer dereference and
panic) via a crafted application, as demonstrated by the keyring key type,
and key addition and link creation operations (CVE-2017-12193).
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group
Temporal Key (GTK) during the group key handshake, allowing an attacker
within radio range to replay frames from access points to clients
(CVE-2017-13080).
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel
before 4.14 does not check whether the intended netns is used in a
peel-off action, which allows local users to cause a denial of
service (use-after-free and system crash) or possibly have unspecified
other impact via crafted system calls (CVE-2017-15115).
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8
allows local users to cause a denial of service (use-after-free) or
possibly have unspecified other impact via crafted /dev/snd/seq ioctl
calls, related to sound/core/seq/seq_clientmgr.c and
sound/core/seq/seq_ports.c (CVE-2017-15265)
The KEYS subsystem in the ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'kernel-tmb' package(s) on Mageia 6.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
