Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0217)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2019.0217

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2019-0217)

Zusammenfassung: The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2019-0217 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2019-0217 advisory.

Vulnerability Insight:
This kernel update is based on the upstream 5.1.20 and fixes at least
the following security issue:

With Xen, virtual device backends and device models running in domain 0,
or other backend driver domains, need to be able to map guest memory
(either via grant mappings, or via the foreign mapping interface). For
Linux to keep track of these mappings, it needs to have a page structure
for each one. In PV dom0, a range of pfns are typically set aside at boot
('pre-ballooned') for this purpose, for PVH and Arm dom0s, no memory is
set aside to begin with. In either case, when more of this 'foreign / grant
map pfn space' is needed, dom0 will balloon out extra pages to use for this
purpose. Unfortunately, in Linux, there are no limits, either on the total
amount of memory which dom0 will attempt to balloon down to, nor on the
amount of 'foreign / grant map' memory which any individual guest can
consume. As a result, a malicious guest may be able, with crafted requests
to the backend, to cause dom0 to exhaust its own memory, leading to a host
crash, and if this is not possible, it may be able to monopolize all of the
foreign / grant map pfn space, starving out other guests (XSA-300).

Other changes in this update:
- kernel configs:
* enable Full dynticks system (tickless) (NO_HZ_FULL)
* enable CONFIG_RCU_NOCB_CPU (mga#24701)
- add kernel side support for temperature monitoring on Amd Ryzen 3000
series (lm_sensors 3.5.0-2.1.mga7 or newer is also needed)

For other upstream changes in this update, see the referenced changelogs.

Note! This is the last update that is based on the upstream 5.1 series.
Next update will be based on the upstream 5.2 series.

Affected Software/OS:
'kernel, kernel-userspace-headers, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0217
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0217)
Zusammenfassung:	The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2019-0217 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2019-0217 advisory. Vulnerability Insight: This kernel update is based on the upstream 5.1.20 and fixes at least the following security issue: With Xen, virtual device backends and device models running in domain 0, or other backend driver domains, need to be able to map guest memory (either via grant mappings, or via the foreign mapping interface). For Linux to keep track of these mappings, it needs to have a page structure for each one. In PV dom0, a range of pfns are typically set aside at boot ('pre-ballooned') for this purpose, for PVH and Arm dom0s, no memory is set aside to begin with. In either case, when more of this 'foreign / grant map pfn space' is needed, dom0 will balloon out extra pages to use for this purpose. Unfortunately, in Linux, there are no limits, either on the total amount of memory which dom0 will attempt to balloon down to, nor on the amount of 'foreign / grant map' memory which any individual guest can consume. As a result, a malicious guest may be able, with crafted requests to the backend, to cause dom0 to exhaust its own memory, leading to a host crash, and if this is not possible, it may be able to monopolize all of the foreign / grant map pfn space, starving out other guests (XSA-300). Other changes in this update: - kernel configs: * enable Full dynticks system (tickless) (NO_HZ_FULL) * enable CONFIG_RCU_NOCB_CPU (mga#24701) - add kernel side support for temperature monitoring on Amd Ryzen 3000 series (lm_sensors 3.5.0-2.1.mga7 or newer is also needed) For other upstream changes in this update, see the referenced changelogs. Note! This is the last update that is based on the upstream 5.1 series. Next update will be based on the upstream 5.2 series. Affected Software/OS: 'kernel, kernel-userspace-headers, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG