Bug 21850 - kernel-linus-4.9.56-1.mga6
Summary: kernel-linus-4.9.56-1.mga6
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2017-10-13 20:04 CEST by Thomas Backlund
Modified: 2017-10-24 07:51 CEST

See Also:
Source RPM: kernel-linus
Status comment:


Description Thomas Backlund 2017-10-13 20:04:43 CEST
New kernel-linus update for several security + other fixes...

Advisory will follow...



Comment 1 Len Lawrence 2017-10-17 19:35:35 CEST
Mageia release 6 (Official) for x86_64
Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
NVIDIA Corporation GK104 [GeForce GTX 770]
nvidia 384.59
Mobo: Gigabyte model: G1.Sniper Z97 v: x.x
Bios: American Megatrends v: F6 date: 05/30/2014

Installed the updates.

# drakboot --boot

Rebooted from commandline and ran into trouble.  The system got stuck in a loop unmounting /data to target shutdown, all OKs.  Had to hit the reset button.
Could this have anything to do with installing cpupower at the same time?  Mismatched kernels?
Rebooted to Mate desktop.  nvidia-current rebuilt before that.

$ uname -r
Everything working normally.
bluetooth + blueman + pulseaudio + btusb OK.  HD TV courtesy of vlc.
mplayer for Youtube videos.  sox/play for WAV files.  Sound and vision OK.
LibreOffice writer.  Network shares mounted automatically.  Images display with eom, gqview, gwenview.  No problems with any of the common desktop applications.
Local ruby scripts work fine.

CC: (none) => tarazed25

Comment 2 William Kenney 2017-10-17 20:02:06 CEST
On real hardware, M6, Plasma, 64-bit

Testing: kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.9.56-1.mga6 #1 SMP Thu Oct 12 22:57:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-4.9.56-1.mga6.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

CC: (none) => wilcal.int

William Kenney 2017-10-17 20:02:40 CEST

Whiteboard: (none) => MGA6-64-OK

Comment 3 Thomas Backlund 2017-10-19 23:30:04 CEST
Advisory (added to svn):

This kernel update is based on upstream 4.9.56 and fixes at least the
following security issues:

A flaw was found in the way the Linux KVM module processed the trap flag(TF)
bit in EFLAGS during emulation of the syscall instruction, which leads to a
debug exception(#DB) being raised in the guest stack. A user/process inside
a guest could use this flaw to potentially escalate their privileges inside
the guest (CVE-2017-7518).

A kernel data leak due to an out-of-bound read was found in the Linux kernel
in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions
present since version 4.7-rc1 through version 4.13. A data leak happens when
these functions fill in sockaddr data structures used to export socket's
diagnostic information. As a result, up to 100 bytes of the slab data could
be leaked to a userspace (CVE-2017-7558).

A security flaw was discovered in nl80211_set_rekey_data() function in the
Linux kernel since v3.1-rc1 through v4.13. This function does not check
whether the required attributes are present in a netlink request. This
request can be issued by a user with CAP_NET_ADMIN privilege and may result
in NULL dereference and a system crash (CVE-2017-12153).

Linux kernel built with the KVM virtualization support (CONFIG_KVM), with
nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a
crash due to disabled external interrupts. As L2 guest could access (r/w)
hardware CR8 register of the host(L0). In a nested virtualization setup,
L2 guest user could use this flaw to potentially crash the host(L0)
resulting in DoS (CVE-2017-12154).

The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before
4.12 allows local users to cause a denial of service (__tcp_select_window
divide-by-zero error and system crash) by triggering a disconnect within a
certain tcp_recvmsg code path (CVE-2017-14106).

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the
Linux kernel through 4.12.10 does not initialize a certain data structure,
which allows local users to obtain sensitive information from kernel stack
memory by reading locations associated with padding bytes (CVE-2017-14156).

It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in
the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to
cause a denial of service (a system panic) by making a number of certain
syscalls by leveraging incorrect length validation in the kernel code

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4
allows local users to obtain sensitive information from uninitialized kernel
heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0

The tpacket_rcv() function in 'net/packet/af_packet.c' file in the Linux
kernel before 4.13 mishandles vnet headers, which might allow local users
to cause a denial of service (buffer overflow, and disk and memory
corruption) or possibly have unspecified other impact via crafted system
calls (CVE-2017-14497).

A reachable assertion failure flaw was found in the Linux kernel built with
KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature
(CONFIG_VFIO) enabled. This failure could occur if a malicious guest device
sent a virtual interrupt (guest IRQ) with a larger (>1024) index value

Keywords: (none) => advisory
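
The padding-byte leak described for CVE-2017-14156 in the advisory above, modelled in user space as an added example (not part of the bug report and not kernel code). `struct clk_reply`, the `0xAA` stale marker and all function names are hypothetical, and the stack slot is simulated with a byte buffer so the result is deterministic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Hypothetical ioctl reply: padding follows 'div' so 'period' is aligned. */
struct clk_reply {
    unsigned char div;
    unsigned int  period;
};
#define PADDING (sizeof(struct clk_reply) - sizeof(unsigned char) - sizeof(unsigned int))

/* Write only the named fields, as a handler that never clears the struct does.
 * memcpy at offsetof() leaves the padding bytes exactly as they were. */
static void fill_fields(unsigned char *slot)
{
    unsigned char div = 4;
    unsigned int period = 1000;
    memcpy(slot + offsetof(struct clk_reply, div), &div, sizeof div);
    memcpy(slot + offsetof(struct clk_reply, period), &period, sizeof period);
}

/* Count stale bytes still present in the object that gets copied out. */
static size_t count_stale(const unsigned char *slot)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(struct clk_reply); i++)
        if (slot[i] == STALE)
            n++;
    return n;
}

/* Simulate one handler call: zero_first=0 is the flawed pattern, 1 the fix. */
size_t leaked(int zero_first)
{
    unsigned char slot[sizeof(struct clk_reply)];
    memset(slot, STALE, sizeof slot);   /* previous occupant of this memory */
    if (zero_first)
        memset(slot, 0, sizeof slot);   /* the missing initialization */
    fill_fields(slot);
    return count_stale(slot);           /* bytes a copy to user space exposes */
}

int main(void)
{
    printf("padding=%zu leaked(no init)=%zu leaked(zeroed)=%zu\n",
           (size_t)PADDING, leaked(0), leaked(1));
    return 0;
}
```

Every padding byte carries stale data when the object is not cleared, which is why copying a whole struct to user space needs the whole struct initialized, not just its named fields.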

Comment 4 Len Lawrence 2017-10-19 23:47:43 CEST
Mageia release 6 (Official) for x86_64
Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
NVIDIA Corporation GK107M [GeForce GT 650M] 
GLX Renderer: GeForce GT 650M/PCIe/SSE2
GLX Version: 4.5.0 NVIDIA 384.59
Mobo: LENOVO model: INVALID v: 31900003WIN8 STD MLT

Installed updates:
- kernel-linus-4.9.56-1.mga6-1-1.mga6.x86_64
- kernel-linus-devel-4.9.56-1.mga6-1-1.mga6.x86_64
- kernel-linus-devel-latest-4.9.56-1.mga6.x86_64
- kernel-linus-latest-4.9.56-1.mga6.x86_64
- kernel-linus-source-4.9.56-1.mga6-1-1.mga6.noarch
- kernel-linus-source-latest-4.9.56-1.mga6.noarch

nvidia-current rebuilt

# drakboot --boot

Rebooted to Mate desktop.
$ uname -r

Ran stress tests, successfully, then glmark2 official.
All aspects of the desktop are in working order, including NFS shares and wifi networking.  Installed blueman and ran blueman-assistant to pair with a SoundTouch soundbar, pavucontrol to switch from the internal speaker to external.  The process was very quick, a matter of seconds.  blueman is now very reliable.  Sound and vision with vlc.

Installed virtualbox and ran dkms-virtualbox.  Booted a 32-bit vdi to Plasma on mga6, nokmsboot parameter was needed.  That ran fine.

Comment 5 Len Lawrence 2017-10-23 20:06:52 CEST
Intel(R) Core(TM) i7-5700HQ CPU @ 2.70GHz
NVIDIA Corporation GM204M [GeForce GTX 965M] 
RAM 15.63 GB
nvidia 384.59

Installed kernel-linus.
# drakboot --boot
Rebooted to Mate.  nvidia kmod rebuilt during boot sequence.

$ uname -r

Ran stress tests, glxspheres64, glmark2.

Ran several desktop applications and noticed no regressions.  NFS shares working.
wifi networking OK.
This installation is good.

Comment 6 William Kenney 2017-10-23 23:23:27 CEST
On real hardware, M6, Xfce, 32-bit

Testing: kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.9.56-1.mga6 #1 SMP Thu Oct 12 23:25:52 UTC 2017 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-4.9.56-1.mga6.i586 is already installed

William Kenney 2017-10-23 23:23:47 CEST

Whiteboard: MGA6-64-OK => MGA6-32-OK MGA6-64-OK

Comment 7 William Kenney 2017-10-23 23:24:48 CEST
This update works fine.
Testing complete for MGA6, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2017-10-24 07:51:47 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED
