| Description: | Summary:
The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2019-0221 advisory.
Vulnerability Insight:
This kernel update is based on the upstream 4.14.137 and fixes at least
the following security issues:
A Spectre SWAPGS gadget was found in the Linux kernel's implementation of
system interrupts. An attacker with local access could use this information
to reveal private data through a Spectre like side channel (CVE-2019-1125).
A flaw that allowed an attacker to corrupt memory and possibly escalate
privileges was found in the mwifiex kernel module while connecting to a
malicious wireless network (CVE-2019-3846).
An infinite loop issue was found in the vhost_net kernel module in Linux
Kernel up to and including v5.1-rc6, while handling incoming packets in
handle_rx(). It could occur if one end sends packets faster than the other
end can process them. A guest user, maybe remote one, could use this flaw
to stall the vhost_net kernel thread, resulting in a DoS scenario
(CVE-2019-3900).
A flaw was found in the Linux kernel's Bluetooth implementation of UART.
An attacker with local access and write permissions to the Bluetooth
hardware could use this flaw to issue a specially crafted ioctl function
call and cause the system to crash (CVE-2019-10207).
WireGuard has been updated to 0.0.20190702.
For other uptstream fixes in this update, see the referenced changelogs.
Affected Software/OS:
'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 6.
Solution:
Please install the updated package(s).
CVSS Score:
8.3
CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
