| Description: | Summary:
The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2018-0249 advisory.
Vulnerability Insight:
This kernel update is based on the upstream 4.14.40 and fixes at least
the following security issues:
On x86, MOV SS and POP SS behave strangely if they encounter a data
breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that
a #DB instruction was caused by the undocumented ICEBP instruction. This
results in #DB being delivered to the guest kernel with an incorrect RIP
on the stack. On most guest kernels, this will allow a guest user to DoS
the guest kernel or even to escalate privilege to that of the guest kernel
(CVE-2018-1087).
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through
4.15.15 mishandles the case of a root directory with a zero i_links_count,
which allows attackers to cause a denial of service (ext4_process_freed_data
NULL pointer dereference and OOPS) via a crafted ext4 image (CVE-2018-1092).
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel
through 4.15.15 allows attackers to cause a denial of service (out-of-bounds
read and system crash) via a crafted ext4 image because balloc.c and ialloc.c
do not validate bitmap block numbers (CVE-2018-1093).
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through
4.15.15 does not always initialize the crc32c checksum driver, which allows
attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer
dereference and system crash) via a crafted ext4 image (CVE-2018-1094).
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel
through 4.15.15 does not properly validate xattr sizes, which causes
misinterpretation of a size as an error code, and consequently allows
attackers to cause a denial of service (get_acl NULL pointer dereference and
system crash) via a crafted ext4 image (CVE-2018-1095).
Predictable Random Number Generator Weakness (CVE-2018-1108).
A null pointer dereference in dccp_write_xmit() function in
net/dccp/output.c in the Linux kernel before v4.16-rc7 allows a local
user to cause a denial of service by a number of certain crafted
system calls (CVE-2018-1130).
The Linux kernel does not properly handle debug exceptions delivered after a
stack switch operation via mov SS or pop SS instructions. During the stack
switch operation, the exceptions are deferred. As a result, a local user can
cause the kernel to crash (CVE-2018-8897).
WireGuard has been updated to 0.0.20180420.
For other fixes in this update, see the referenced changelogs.
Affected Software/OS:
'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 6.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
