CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
12.6%
This kernel update provides the upstream 4.14.121. It adds additional fixes to the the kernel side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities. It also fixes the following security issues: A flaw was found in the Linux kernel’s freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects (CVE-2019-10142). fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (CVE-2019-11833). It also fixes an upstream regression that caused older ‘legacy’ bluetooth adapters to stop working (mga #24840). For other uptstream fixes in this update, see the referenced changelogs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | kernel | < 4.14.121-1 | kernel-4.14.121-1.mga6 |
Mageia | 6 | noarch | kernel-userspace-headers | < 4.14.121-1 | kernel-userspace-headers-4.14.121-1.mga6 |
Mageia | 6 | noarch | kmod-vboxadditions | < 6.0.8-2 | kmod-vboxadditions-6.0.8-2.mga6 |
Mageia | 6 | noarch | kmod-virtualbox | < 6.0.8-2 | kmod-virtualbox-6.0.8-2.mga6 |
Mageia | 6 | noarch | kmod-xtables-addons | < 2.13-86 | kmod-xtables-addons-2.13-86.mga6 |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
12.6%