MGASA-2020-0201
- Source
- https://advisories.mageia.org/MGASA-2020-0201.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0201.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2020-0201
- Related
- Published
- 2020-05-05T12:20:37Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated kernel packages fix security vulnerabilities
- Details
-
This update is based on the upstream 5.6.8 kernel and fixes at least the following security issues:
usbsgcancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference(CVE-2020-12464).
An issue was discovered in the Linux kernel before 5.6.7. xdpumemreg in net/xdp/xdpumem.c has an out-of-bounds write (by a user with the CAPNET_ADMIN capability) because of a lack of headroom validation (CVE-2020-12659).
Other fixes in this update: - printk: queue wakeupklogd irqwork only if per-CPU areas are ready - Fix use after free in gettreebdev() - propagateone(): mntsetmountpoint() needs mount_lock - iwlwifi: pcie: handle QuZ configs with killer NICs as well - Fix building out of tree modules on aarch64 (pterjan)
For other fixes and changes in this update, see the refenced changelogs.
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-7
Mageia:7 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-7
Mageia:7 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-7