CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
87.7%
This kernel update is based on the upstream 4.14.70 and adds additional fixes for the L1TF security issues. It also fixes at least the following security issues: Linux kernel from versions 3.9 and up, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments (CVE-2018-5391, FragmentSmack). A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel caused by fixes for CVE-2018-5391, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service (CVE-2018-14641). An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (CVE-2018-17182). Other fixes in this update: * drm: fix use of freed memory in drm_mode_setcrtc * drm/i915: Apply the GTT write flush for all !llc machines * net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC (fixes a kernel crash) * pinctrl/amd: only handle irq if it is pending and unmasked (possible real fix for the interrupt storm on Ryzen platform) For other uptstream fixes in this update, see the referenced changelog.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | kernel | < 4.14.70-2 | kernel-4.14.70-2.mga6 |
Mageia | 6 | noarch | kernel-userspace-headers | < 4.14.70-2 | kernel-userspace-headers-4.14.70-2.mga6 |
Mageia | 6 | noarch | kmod-vboxadditions | < 5.2.18-6 | kmod-vboxadditions-5.2.18-6.mga6 |
Mageia | 6 | noarch | kmod-virtualbox | < 5.2.18-6 | kmod-virtualbox-5.2.18-6.mga6 |
Mageia | 6 | noarch | kmod-xtables-addons | < 2.13-66 | kmod-xtables-addons-2.13-66.mga6 |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
87.7%