Bug 27443

Summary: kernel new security issues CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
Product: Mageia Reporter: Pascal Terjan <pterjan>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: fri, ghibomgx, herman.viaene, jim, luigiwalser, mageia, ouaurelien, security, sysadmin-bugs, tarazed25
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK MGA7-32-OK
Source RPM: kernel-5.7.19-1.mga7.src.rpm CVE: CVE-2020-12351, CVE-2020-12352, CVE-2020-14385, CVE-2020-14386, CVE-2020-14390, CVE-2020-24490, CVE-2020-25211, CVE-2020-25221, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645
Status comment:

Description Pascal Terjan 2020-10-17 22:39:44 CEST 
Potential security vulnerabilities in the Bluetooth stack may allow escalation of privilege or information disclosure.

The issues are fixed upstream in 5.9.1 which is already in Cauldron.

CVE-2020-12351: A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet.

CVE-2020-12352: An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. 

CVE-2020-24490: A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet.
Comment 1 Pascal Terjan 2020-10-17 22:40:55 CEST 
kernel-5.7.19-2.mga7 has been uploaded to 7/core/updates_testing with all the necessary patches plus a few other fixes from 5.8.16.
Pascal Terjan 2020-10-17 22:44:06 CEST

Depends on: 27401 => (none)

Comment 2 Aurelien Oudelet 2020-10-17 22:44:44 CEST 
Hi, thanks for reporting this.
Thanks Pascal for catching this, report and fix it.

Assigning meanwhile to Kernel and Drivers maintainers,

Assignee: bugsquad => kernel
Depends on: (none) => 27401
CC: (none) => ouaurelien
Status: NEW => ASSIGNED

Aurelien Oudelet 2020-10-17 22:45:04 CEST

Depends on: 27401 => (none)

Pascal Terjan 2020-10-17 22:45:17 CEST

Source RPM: ruby-2.7.1-31.mga8.src.rpm => kernel

Comment 4 David Walser 2020-10-18 00:22:23 CEST 
Note to self, I have an update to xtables-addons 3.11 queued in SVN for this.  Will also need to rebuild kmod-xtables-addons and kmod-virtualbox against the updated kernel.
Comment 5 Pascal Terjan 2020-10-18 01:10:50 CEST 
Wow I didn't expect that many, I'll take a look tomorrow at getting the full stable patches
Comment 6 Aurelien Oudelet 2020-10-18 13:54:43 CEST 
Copy CVE from Comment 1.

Do those from Comment 3 applied on Mageia 7 Kernel?

CVE: (none) => CVE-2020-12351, CVE-2020-12352, CVE-2020-24490

Comment 7 Pascal Terjan 2020-10-18 16:23:26 CEST 
There are 1152 patches between 5.8.5 (the one at same level as 5.7.19) and 5.8.16 so it would be a lot of effort to get all of the patches in.

I will instead cherrypick the listed CVEs, and we will get the rest when doing the big update to 5.9.
Comment 8 Giuseppe Ghibò 2020-10-18 16:50:42 CEST 
In case there are difficulties to backport extra patches, because malformed or code strongly changed, have you evaluated the possibility to jump to 5.8.16 instead as mga7 update? In the case, I've one on my COPR kernel page.

CC: (none) => ghibomgx

Comment 9 David Walser 2020-10-18 17:33:47 CEST 
As far as I can tell, the 5.8 kernel was never fully stabilized in Cauldron, and would certainly necessitate an undesirable update to VirtualBox (which yes, we'll have to face eventually when updating to 5.9, but we don't have to do it right now).
Comment 10 Pascal Terjan 2020-10-18 17:41:44 CEST 
I have backported the patches for the listed CVEs and submitted a -3 kernel:

# CVE-2020-14385
Patch5003: 0001-xfs-fix-boundary-test-in-xfs_attr_shortform_verify.patch

# CVE-2020-14386
Patch5004: 0002-net-packet-fix-overflow-in-tpacket_rcv.patch

# CVE-2020-14390
Patch5005: 0003-fbcon-remove-soft-scrollback-code.patch

# CVE-2020-25211
Patch5006: 0004-netfilter-ctnetlink-add-a-range-check-for-l3-l4-prot.patch

# CVE-2020-25221
Patch5007: 0005-mm-fix-pin-vs.-gup-mismatch-with-gate-pages.patch

# CVE-2020-25284
Patch5008: 0006-rbd-require-global-CAP_SYS_ADMIN-for-mapping-and-unm.patch

# CVE-2020-25285
Patch5009: 0007-mm-hugetlb-fix-a-race-between-hugetlb-sysctl-handler.patch

# CVE-2020-25641
Patch5010: 0008-block-allow-for_each_bvec-to-support-zero-len-bvec.patch

# CVE-2020-25643
Patch5011: 0009-hdlc_ppp-add-range-checks-in-ppp_cp_parse_cr.patch

# CVE-2020-25645
Patch5012: 0010-geneve-add-transport-ports-in-route-lookup-for-genev.patch
Pascal Terjan 2020-10-18 18:08:02 CEST

CVE: CVE-2020-12351, CVE-2020-12352, CVE-2020-24490 => CVE-2020-12351, CVE-2020-12352, CVE-2020-14385, CVE-2020-14386, CVE-2020-14390, CVE-2020-24490, CVE-2020-25211, CVE-2020-25221, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645

Comment 11 David Walser 2020-10-18 18:12:07 CEST 
Updated kernel packages fix security vulnerabilities:

A flaw was found in the way the Linux kernel Bluetooth implementation handled
L2CAP packets with A2MP CID. A remote attacker in adjacent range could use
this flaw to crash the system causing denial of service or potentially execute
arbitrary code on the system by sending a specially crafted L2CAP packet. The
highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability (CVE-2020-12351).

An information leak flaw was found in the way the Linux kernel's Bluetooth
stack implementation handled initialization of stack memory when handling
certain AMP packets. A remote attacker in adjacent range could use this flaw
to leak small portions of stack memory on the system by sending a specially
crafted AMP packets. The highest threat from this vulnerability is to data
confidentiality (CVE-2020-12352).

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file
system metadata validator in XFS can cause an inode with a valid,
user-creatable extended attribute to be flagged as corrupt. This can lead to
the filesystem being shutdown, or otherwise rendered inaccessible until it is
remounted, leading to a denial of service. The highest threat from this
vulnerability is to system availability (CVE-2020-14385).

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be
exploited to gain root privileges from unprivileged processes. The highest
threat from this vulnerability is to data confidentiality and integrity
(CVE-2020-14386).

A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing
screen size, an out-of-bounds memory write can occur leading to memory
corruption or a denial of service. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out (CVE-2020-14390).

A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth
implementation processed extended advertising report events. This flaw allows
a remote attacker in an adjacent range to crash the system, causing a denial
of service or to potentially execute arbitrary code on the system by sending a
specially crafted Bluetooth packet. The highest threat from this vulnerability
is to confidentiality, integrity, as well as system availability
(CVE-2020-24490).

In the Linux kernel through 5.8.7, local attackers able to inject conntrack
netlink configuration could overflow a local buffer, causing crashes or
triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter
in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211).

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7
allows privilege escalation because of incorrect reference counting (caused by
gate page mishandling) of the struct page that backs the vsyscall page. The
result is a refcount underflow. This can be triggered by any 64-bit process
that can use ptrace() or process_vm_readv() (CVE-2020-25221).

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through
5.8.9 used incomplete permission checking for access to rbd devices, which
could be leveraged by local attackers to map or unmap rbd block devices
(CVE-2020-25284).

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux
kernel before 5.8.8 could be used by local attackers to corrupt memory, cause
a NULL pointer dereference, or possibly have unspecified other impact
(CVE-2020-25285).

A flaw was found in the Linux kernel's implementation of biovecs in versions
before 5.9-rc7. A zero-length biovec request issued by the block subsystem
could cause the kernel to enter an infinite loop, causing a denial of
service. This flaw allows a local attacker with basic privileges to issue
requests to a block device, resulting in a denial of service. The highest
threat from this vulnerability is to system availability (CVE-2020-25641).

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before
5.9-rc7. Memory corruption and a read overflow is caused by improper input
validation in the ppp_cp_parse_cr function which can cause the system to crash
or cause a denial of service. The highest threat from this vulnerability is to
data confidentiality and integrity as well as system availability
(CVE-2020-25643).

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic
between two Geneve endpoints may be unencrypted when IPsec is configured to
encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing
anyone between the two endpoints to read the traffic unencrypted. The main
threat from this vulnerability is to data confidentiality (CVE-2020-25645).

Also, the xtables-addons package has been updated to version 3.11.

References:
https://www.linuxkernelcves.com/cves/CVE-2020-14385
https://www.linuxkernelcves.com/cves/CVE-2020-14386
https://www.linuxkernelcves.com/cves/CVE-2020-14390
https://www.linuxkernelcves.com/cves/CVE-2020-25211
https://www.linuxkernelcves.com/cves/CVE-2020-25221
https://www.linuxkernelcves.com/cves/CVE-2020-25284
https://www.linuxkernelcves.com/cves/CVE-2020-25285
https://www.linuxkernelcves.com/cves/CVE-2020-25641
https://www.linuxkernelcves.com/cves/CVE-2020-25643
https://www.linuxkernelcves.com/cves/CVE-2020-25645
https://access.redhat.com/security/cve/CVE-2020-12351
https://access.redhat.com/security/cve/CVE-2020-12352
https://access.redhat.com/security/cve/CVE-2020-24490
Comment 12 David Walser 2020-10-18 18:13:03 CEST 
To be pushed once the kernel builds and uploads:
kmod-virtualbox
xtables-addons
kmod-xtables-addons
Comment 13 David Walser 2020-10-18 19:55:52 CEST 
SRPMS:
kernel-5.7.19-3.mga7.src.rpm
kmod-virtualbox-6.0.24-6.mga7.src.rpm
xtables-addons-3.11-1.mga7.src.rpm
kmod-xtables-addons-3.11-1.mga7.src.rpm


i586:
kernel-desktop586-5.7.19-3.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-5.7.19-3.mga7-1-1.mga7.i586.rpm
kernel-desktop586-latest-5.7.19-3.mga7.i586.rpm
kernel-desktop586-devel-latest-5.7.19-3.mga7.i586.rpm
kernel-desktop-5.7.19-3.mga7-1-1.mga7.i586.rpm
kernel-desktop-devel-5.7.19-3.mga7-1-1.mga7.i586.rpm
kernel-desktop-latest-5.7.19-3.mga7.i586.rpm
kernel-desktop-devel-latest-5.7.19-3.mga7.i586.rpm
kernel-server-5.7.19-3.mga7-1-1.mga7.i586.rpm
kernel-server-devel-5.7.19-3.mga7-1-1.mga7.i586.rpm
kernel-server-latest-5.7.19-3.mga7.i586.rpm
kernel-server-devel-latest-5.7.19-3.mga7.i586.rpm
kernel-source-5.7.19-3.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.7.19-3.mga7.noarch.rpm
kernel-doc-5.7.19-3.mga7.noarch.rpm
kernel-userspace-headers-5.7.19-3.mga7.i586.rpm
perf-5.7.19-3.mga7.i586.rpm
cpupower-5.7.19-3.mga7.i586.rpm
cpupower-devel-5.7.19-3.mga7.i586.rpm
bpftool-5.7.19-3.mga7.i586.rpm
libbpf0-5.7.19-3.mga7.i586.rpm
libbpf-devel-5.7.19-3.mga7.i586.rpm

virtualbox-kernel-5.7.19-desktop586-3.mga7-6.0.24-6.mga7.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.24-6.mga7.i586.rpm
virtualbox-kernel-5.7.19-desktop-3.mga7-6.0.24-6.mga7.i586.rpm
virtualbox-kernel-desktop-latest-6.0.24-6.mga7.i586.rpm
virtualbox-kernel-5.7.19-server-3.mga7-6.0.24-6.mga7.i586.rpm
virtualbox-kernel-server-latest-6.0.24-6.mga7.i586.rpm

xtables-addons-3.11-1.mga7.i586.rpm
iptaccount-3.11-1.mga7.i586.rpm
xtables-geoip-3.11-1.mga7.noarch.rpm
libaccount0-3.11-1.mga7.i586.rpm
libaccount-devel-3.11-1.mga7.i586.rpm
dkms-xtables-addons-3.11-1.mga7.i586.rpm

xtables-addons-kernel-5.7.19-desktop586-3.mga7-3.11-1.mga7.i586.rpm
xtables-addons-kernel-desktop586-latest-3.11-1.mga7.i586.rpm
xtables-addons-kernel-5.7.19-desktop-3.mga7-3.11-1.mga7.i586.rpm
xtables-addons-kernel-desktop-latest-3.11-1.mga7.i586.rpm
xtables-addons-kernel-5.7.19-server-3.mga7-3.11-1.mga7.i586.rpm
xtables-addons-kernel-server-latest-3.11-1.mga7.i586.rpm


x86_64:
kernel-desktop-5.7.19-3.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-5.7.19-3.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-latest-5.7.19-3.mga7.x86_64.rpm
kernel-desktop-devel-latest-5.7.19-3.mga7.x86_64.rpm
kernel-server-5.7.19-3.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-5.7.19-3.mga7-1-1.mga7.x86_64.rpm
kernel-server-latest-5.7.19-3.mga7.x86_64.rpm
kernel-server-devel-latest-5.7.19-3.mga7.x86_64.rpm
kernel-source-5.7.19-3.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.7.19-3.mga7.noarch.rpm
kernel-doc-5.7.19-3.mga7.noarch.rpm
kernel-userspace-headers-5.7.19-3.mga7.x86_64.rpm
perf-5.7.19-3.mga7.x86_64.rpm
cpupower-5.7.19-3.mga7.x86_64.rpm
cpupower-devel-5.7.19-3.mga7.x86_64.rpm
bpftool-5.7.19-3.mga7.x86_64.rpm
lib64bpf0-5.7.19-3.mga7.x86_64.rpm
lib64bpf-devel-5.7.19-3.mga7.x86_64.rpm

virtualbox-kernel-5.7.19-desktop-3.mga7-6.0.24-6.mga7.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.24-6.mga7.x86_64.rpm
virtualbox-kernel-5.7.19-server-3.mga7-6.0.24-6.mga7.x86_64.rpm
virtualbox-kernel-server-latest-6.0.24-6.mga7.x86_64.rpm

xtables-addons-3.11-1.mga7.x86_64.rpm
iptaccount-3.11-1.mga7.x86_64.rpm
xtables-geoip-3.11-1.mga7.noarch.rpm
lib64account0-3.11-1.mga7.x86_64.rpm
lib64account-devel-3.11-1.mga7.x86_64.rpm
dkms-xtables-addons-3.11-1.mga7.x86_64.rpm

xtables-addons-kernel-5.7.19-desktop-3.mga7-3.11-1.mga7.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.11-1.mga7.x86_64.rpm
xtables-addons-kernel-5.7.19-server-3.mga7-3.11-1.mga7.x86_64.rpm
xtables-addons-kernel-server-latest-3.11-1.mga7.x86_64.rpm

Assignee: kernel => qa-bugs

Comment 14 Len Lawrence 2020-10-19 18:39:18 CEST 
mageia7, x86_64

Intel Core i7-4790
NVIDIA GM204 [GeForce GTX 970] - nvidia 430.64
Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet - driver: r8169

Updated desktop kernel from 5.7.9-1.  All relevant packages installed fine and the xinitrd was rebuilt.  Clean reboot with rebuild of graphics kernel module.
Mate desktop - common applications functioning, including thunderbird, firefox, eom and pulseaudio.  NAS and fileserver NFS shares mounted OK. `perf test` produced rational output.
$ cpupower frequency-info
analyzing CPU 0:
  driver: intel_pstate
  CPUs which run at the same hardware frequency: 0
  CPUs which need to have their frequency coordinated by software: 0
  maximum transition latency:  Cannot determine or is not supported.
  hardware limits: 800 MHz - 4.00 GHz
  available cpufreq governors: performance powersave
  current policy: frequency should be within 800 MHz and 4.00 GHz.
                  The governor "powersave" may decide which speed to use
                  within this range.
  current CPU frequency: Unable to call hardware
  current CPU frequency: 1.50 GHz (asserted by call to kernel)
  boost state support:
    Supported: yes
    Active: yes

$ stress -c 3 -m 2 -i 3 -d 2 -t 25
stress: info: [23818] dispatching hogs: 3 cpu, 3 io, 2 vm, 2 hdd
stress: info: [23818] successful run completed in 28s

Installed virtualbox, dkms-virtualbox.  Successful launch of 32-bit mga7 client.
Sound and video fine with vlc.  CUPS working smoothly with wifi printer - printed a postscript label file to HP5520.

CC: (none) => tarazed25

Comment 15 PC LX 2020-10-19 20:02:55 CEST 
Installed and tested without issues.


System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia Geforce GT 1030 using nvidia-current proprietary driver.


Tested normal workstation usage plus explicit testing. Boot, reboot and poweroff worked. Several programs tested including proprietary steam games and teamviewer.


$ uname -a
Linux marte 5.7.19-desktop-3.mga7 #1 SMP Sun Oct 18 15:46:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ dkms status
nvidia-current, 430.64-11.mga7.nonfree, 5.7.19-desktop-1.mga7, x86_64: installed 
nvidia-current, 430.64-11.mga7.nonfree, 5.7.19-desktop-3.mga7, x86_64: installed 
$ rpm -qa | egrep '(nvidia|kernel|dkms)' | sort
dkms-2.0.19-40.mga7
dkms-minimal-2.0.19-40.mga7
dkms-nvidia-current-430.64-11.mga7.nonfree
kernel-desktop-5.7.14-1.mga7-1-1.mga7
kernel-desktop-5.7.19-1.mga7-1-1.mga7
kernel-desktop-5.7.19-3.mga7-1-1.mga7
kernel-desktop-devel-5.7.14-1.mga7-1-1.mga7
kernel-desktop-devel-5.7.19-1.mga7-1-1.mga7
kernel-desktop-devel-5.7.19-3.mga7-1-1.mga7
kernel-desktop-devel-latest-5.7.19-3.mga7
kernel-desktop-latest-5.7.19-3.mga7
kernel-firmware-20190603-1.mga7
kernel-firmware-nonfree-20200817-1.mga7.nonfree
kernel-userspace-headers-5.7.19-3.mga7
nvidia-current-cuda-opencl-430.64-11.mga7.nonfree
nvidia-current-doc-html-430.64-11.mga7.nonfree
nvidia-current-utils-430.64-11.mga7.nonfree
x11-driver-video-nvidia-current-430.64-11.mga7.nonfree
$ lspcidrake
ehci_pci        : Intel Corporation|NM10/ICH7 Family USB2 EHCI Controller [SERIAL_USB] (rev: 01)
Card:NVIDIA GeForce 635 series and later: NVIDIA Corporation|GP108 [GeForce GT 1030] [DISPLAY_VGA] (rev: a1)
uhci_hcd        : Intel Corporation|NM10/ICH7 Family USB UHCI Controller #1 [SERIAL_USB] (rev: 01)
uhci_hcd        : Intel Corporation|NM10/ICH7 Family USB UHCI Controller #3 [SERIAL_USB] (rev: 01)
ata_piix        : Intel Corporation|82801G (ICH7 Family) IDE Controller [STORAGE_IDE] (rev: 01)
unknown         : Intel Corporation|NM10/ICH7 Family PCI Express Port 2 [BRIDGE_PCI] (rev: 01)
unknown         : Intel Corporation|4 Series Chipset DRAM Controller [BRIDGE_HOST] (rev: 03)
i2c_i801        : Intel Corporation|NM10/ICH7 Family SMBus Controller [SERIAL_SMBUS] (rev: 01)
unknown         : Intel Corporation|82801 PCI Bridge [BRIDGE_PCI] (rev: e1)
snd_hda_intel   : Intel Corporation|NM10/ICH7 Family High Definition Audio Controller [MULTIMEDIA_AUDIO_DEV] (rev: 01)
r8169           : Realtek Semiconductor Co., Ltd.|RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [NETWORK_ETHERNET] (rev: 11)
snd_hda_intel   : NVIDIA Corporation|GP108 High Definition Audio Controller [MULTIMEDIA_AUDIO_DEV] (rev: a1)
uhci_hcd        : Intel Corporation|NM10/ICH7 Family USB UHCI Controller #2 [SERIAL_USB] (rev: 01)
unknown         : Intel Corporation|4 Series Chipset PCI Express Root Port [BRIDGE_PCI] (rev: 03)
intel_rng       : Intel Corporation|82801GB/GR (ICH7 Family) LPC Interface Bridge [BRIDGE_ISA] (rev: 01)
uhci_hcd        : Intel Corporation|NM10/ICH7 Family USB UHCI Controller #4 [SERIAL_USB] (rev: 01)
unknown         : Intel Corporation|NM10/ICH7 Family PCI Express Port 1 [BRIDGE_PCI] (rev: 01)
ata_piix        : Intel Corporation|NM10/ICH7 Family SATA Controller [IDE mode] [STORAGE_IDE] (rev: 01)
hub             : Linux 5.7.19-desktop-3.mga7 ehci_hcd|EHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub             : Genesys Logic, Inc.|USB2.0 Hub [Hub|Unused|Full speed (or root) hub]
usbhid          : USB|USB Keyboard [Human Interface Device|Boot Interface Subclass|Keyboard]
usbhid          : Sunplus Technology Co., Ltd|USB Laser Wheel Mouse [Human Interface Device|Boot Interface Subclass|Mouse]
usb_storage     : Generic|Mass Storage Device [Mass Storage|SCSI|Bulk-Only]
hub             : Linux 5.7.19-desktop-3.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
Mouse:evdev     : Logitech|USB Receiver [Human Interface Device|Boot Interface Subclass|Keyboard]
hub             : Linux 5.7.19-desktop-3.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub             : Linux 5.7.19-desktop-3.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub             : Linux 5.7.19-desktop-3.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hid_generic     : USB USB Keyboard
hid_generic     : Logitech USB Receiver
hid_generic     : Logitech Wireless Keyboard PID:0055
hid_generic     : USB Laser Wheel Mouse
hid_generic     : USB USB Keyboard
hid_generic     : Logitech USB Receiver
hid_generic     : Logitech Wireless Mouse PID:003f

CC: (none) => mageia

Comment 16 James Kerr 2020-10-20 05:42:21 CEST 
on mga7-64  kernel-desktop  plasma

Packages installed cleanly:
- cpupower-5.7.19-3.mga7.x86_64
- kernel-desktop-5.7.19-3.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.7.19-3.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.7.19-3.mga7.x86_64
- kernel-desktop-latest-5.7.19-3.mga7.x86_64
- kernel-userspace-headers-5.7.19-3.mga7.x86_64
- virtualbox-kernel-5.7.19-desktop-3.mga7-6.0.24-6.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.24-6.mga7.x86_64


system re-booted normally:
uname-r
5.7.19-desktop-3.mga7

# dkms status
virtualbox, 6.0.24-1.mga7, 5.7.19-desktop-3.mga7, x86_64: installed-binary from 5.7.19-desktop-3.mga7


no regressions observed

vbox and client launched normally


looks OK for mga7-64 on this system:

Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1 
CPU: Intel Core i7-6700
Graphics: Intel HD Graphics 530 (Skylake GT2)

CC: (none) => jim

Comment 17 James Kerr 2020-10-20 05:58:23 CEST 
on mga7-32  in a vbox VM  kernel-desktop586  plasma

packages installed cleanly:
- cpupower-5.7.19-3.mga7.i586
- kernel-desktop586-5.7.19-3.mga7-1-1.mga7.i586
- kernel-desktop586-devel-5.7.19-3.mga7-1-1.mga7.i586
- kernel-desktop586-devel-latest-5.7.19-3.mga7.i586
- kernel-desktop586-latest-5.7.19-3.mga7.i586
- kernel-userspace-headers-5.7.19-3.mga7.i586

VM re-booted normally:

$ uname -r
5.7.19-desktop586-3.mga7

# dkms status
vboxadditions, 6.0.24-1.mga7: added 


No regressions noted

OK for mga7-32 in a vbox VM
Comment 18 Len Lawrence 2020-10-20 10:32:03 CEST 
Mageia 7, x86_64

Intel Core i9-7900X
NVIDIA GP102 [GeForce GTX 1080 Ti] - nvidia 430.64
Intel Ethernet I219-V driver: e1000e

Updated and running fine for 12 hours.
NFS shares mounted OK.  stress tests completed.
glmark2, stellarium, libreoffice, virtualbox and various desktop applications all working in Mate.
Installed smplayer from mageiawelcome and launched it.  Video, audio and Youtube browsing work.
Comment 19 PC LX 2020-10-20 10:51:22 CEST 
Installed and tested without issues on a QEMU/KVM guest system.


Some testing done with several applications and test tools (e.g. glmark2, iozone, schbench). No regressions noticed.


Guest system: Mageia 7, x86_64, LXQt, virtio drivers.
Host system: see comment 15.


$ uname -a
Linux marte-vm-mageia-7 5.7.19-desktop-3.mga7 #1 SMP Sun Oct 18 15:46:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep 5.7.19 | sort
cpupower-5.7.19-3.mga7
kernel-desktop-5.7.19-1.mga7-1-1.mga7
kernel-desktop-5.7.19-3.mga7-1-1.mga7
kernel-desktop-latest-5.7.19-3.mga7
kernel-userspace-headers-5.7.19-3.mga7
perf-5.7.19-3.mga7
$ lspcidrake
virtio_pci      : Red Hat, Inc.|Virtio block device [STORAGE_SCSI]
uhci_hcd        : Intel Corporation|82801I (ICH9 Family) USB UHCI Controller #1 [SERIAL_USB] (rev: 03)
Card:Virtio virtual video card: Red Hat, Inc.|Virtio GPU [DISPLAY_VGA] (rev: 01)
uhci_hcd        : Intel Corporation|82801I (ICH9 Family) USB UHCI Controller #3 [SERIAL_USB] (rev: 03)
virtio_pci      : Red Hat, Inc.|Virtio RNG
virtio_pci      : Red Hat, Inc.|Virtio console [COMMUNICATION_OTHER]
unknown         : Intel Corporation|82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [STORAGE_SATA] (rev: 02)
ata_piix        : Intel Corporation|82371SB PIIX3 IDE [Natoma/Triton II] [STORAGE_IDE]
virtio_pci      : Red Hat, Inc.|Virtio network device [NETWORK_ETHERNET]
i2c_piix4       : Intel Corporation|82371AB/EB/MB PIIX4 ACPI [BRIDGE_OTHER] (rev: 03)
unknown         : Intel Corporation|440FX - 82441FX PMC [Natoma] [BRIDGE_HOST] (rev: 02)
uhci_hcd        : Intel Corporation|82801I (ICH9 Family) USB UHCI Controller #2 [SERIAL_USB] (rev: 03)
virtio_pci      : Red Hat, Inc.|Virtio memory balloon
snd_hda_intel   : Intel Corporation|82801I (ICH9 Family) HD Audio Controller [MULTIMEDIA_AUDIO_DEV] (rev: 03)
unknown         : Intel Corporation|82371SB PIIX3 ISA [Natoma/Triton II] [BRIDGE_ISA]
ehci_pci        : Intel Corporation|82801I (ICH9 Family) USB2 EHCI Controller #1 [SERIAL_USB] (rev: 03)
virtio_pci      : Red Hat, Inc.|Virtio filesystem
hub             : Linux 5.7.19-desktop-3.mga7 ehci_hcd|EHCI Host Controller [Hub|Unused|Full speed (or root) hub]
usbhid          : QEMU|QEMU USB Tablet [Human Interface Device|No Subclass|None]
hub             : Linux 5.7.19-desktop-3.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub             : Linux 5.7.19-desktop-3.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hub             : Linux 5.7.19-desktop-3.mga7 uhci_hcd|UHCI Host Controller [Hub|Unused|Full speed (or root) hub]
hid_generic     : QEMU QEMU USB Tablet
Comment 20 Herman Viaene 2020-10-20 14:36:39 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues.
Rebooted, no ill effects seen.

CC: (none) => herman.viaene

Comment 21 Aurelien Oudelet 2020-10-20 14:44:37 CEST 
M7-32 and M7-64 install are OK. Reboot OK.
No issues. DKMS rebuild NVIDIA-current and virtualbox OK on M7-64.

I will tend to say YES.
Comment 22 Aurelien Oudelet 2020-10-21 11:58:07 CEST 
Host M7-32/64 and Clients M7-32/64 and M8-32/64 under virtualbox are OK.

Bluetooth on host is OK.


Validating this.

Keywords: Triaged => validated_update
Whiteboard: (none) => MGA7-64-OK MGA7-32-OK
CC: (none) => sysadmin-bugs

Comment 23 Aurelien Oudelet 2020-10-21 13:11:03 CEST 
Advisory in Comment 11 and packages Comment 13.
Pushed it to svn.

Can someone look at it, for CVE and references?
Aurelien Oudelet 2020-10-21 13:11:26 CEST

Status comment: (none) => advisory in SVN please verify it

Comment 24 David Walser 2020-10-21 14:29:59 CEST 
Fixed.  It was using the wrong bug number and the CVEs weren't sorted.  Otherwise it looks fine.

Keywords: (none) => advisory
Status comment: advisory in SVN please verify it => (none)

Comment 25 Mageia Robot 2020-10-21 15:09:10 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0392.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 26 Morgan Leijström 2020-10-22 23:13:57 CEST 
Late to the party. Anyways:

64 bit OK on My machine "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, Nvidia GTX760 (GK104) using nvidia-current; GeForce 635 series and later, 4k display. 

Disk&Filesystem: SSD with EFI and ext 4 /boot, then an encrypted partition for LVM, containing swap and ext4 /home & /

Plasma desktop
Thunderbird, LibreOffice, FreeCad, Ktorrent, Syncthing, Nextcloud client...
Video with sound in Firefox
CUDA and OpenCL detected and used by BOINC.
Stress test: BOINC use all cores to 100%, videos do not stutter.

Also virtualbox seem OK running MSW7 64 bit guest incl folder sharing, USB, bidirectional clipboard, dynamic guest window resizing. All as usual, need to free 2 CPU from BOINC to avoid video stutter in guest firefox, playing from internet.

CC: (none) => fri