Various upstream fixes and a security fix for a high severity issue that allows remote DOS:
https://www.securityweek.com/segmentsmack-flaw-linux-kernel-allows-remote-dos-attacks

SRPMS:
kernel-tmb-4.14.62-1.mga6.src.rpm

i586:
kernel-tmb-desktop-4.14.62-1.mga6-1-1.mga6.i586.rpm
kernel-tmb-desktop-devel-4.14.62-1.mga6-1-1.mga6.i586.rpm
kernel-tmb-desktop-devel-latest-4.14.62-1.mga6.i586.rpm
kernel-tmb-desktop-latest-4.14.62-1.mga6.i586.rpm
kernel-tmb-source-4.14.62-1.mga6-1-1.mga6.noarch.rpm
kernel-tmb-source-latest-4.14.62-1.mga6.noarch.rpm

x86_64:
kernel-tmb-desktop-4.14.62-1.mga6-1-1.mga6.x86_64.rpm
kernel-tmb-desktop-devel-4.14.62-1.mga6-1-1.mga6.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.14.62-1.mga6.x86_64.rpm
kernel-tmb-desktop-latest-4.14.62-1.mga6.x86_64.rpm
kernel-tmb-source-4.14.62-1.mga6-1-1.mga6.noarch.rpm
kernel-tmb-source-latest-4.14.62-1.mga6.noarch.rpm
Priority: Normal => High
This laptop needed to be updated before the install, nvidia driver and kernel 4.14.56. Removed several old kernels as well. Installed the tmb kernel and rebooted to Mate.

System: Host: markab Kernel: 4.14.62-tmb-desktop-1.mga6 x86_64
CPU: Quad core Intel Core i7-5700HQ (-HT-MCP-) speed/max: 2761/3500 MHz
Machine: Device: laptop System: GIGABYTE product: X5
Graphics: Card-1: NVIDIA GM204M [GeForce GTX 965M]
          Card-2: NVIDIA GM204M [GeForce GTX 965M]
          GLX Version: 4.6.0 NVIDIA 390.77
Network: Card-1: Qualcomm Atheros Killer E220x Gigabit Ethernet Controller driver: alx
         Card-2: Intel Wireless 7265 driver: iwlwifi
RAM: 16 GB

Desktop functional, resumes after closing and opening the lid. NFS share mounted under the MCC. USB automounted when plugged in and applications on it could be run without issues. Running on one GPU and wifi. Stress tests OK.

Tried various desktops:
Plasma seemed to be running normally.
Cinnamon was difficult to use because most applications launched at fullscreen with no way to reduce them except by corner dragging. Firefox occupied twice the screen depth. This needs to be checked in other scenarios. Later.
GNOME Classic came up OK but desktop icons were oversized, all but the weather applet. No way to log out until I clicked the charger icon on the toolbar.
Tried GNOME on Xorg. That was functional - no desktop icons and the toolbar showed a logout icon.
GNOME (Wayland?) worked as expected.
LXDE login produced a serviceable desktop.
LXQt came up fine with one oddity, two Home icons on the desktop. One used Dolphin as file manager and the other something else.

So, other desktops work fine within their limitations. The quibbles mentioned doubtless have nothing to do with the kernel.
CC: (none) => tarazed25
Flushing this out as more is coming...

Advisory, added to svn

type: security
subject: Updated kernel-tmb packages fix security vulnerabilities
CVE:
 - CVE-2018-1087
 - CVE-2018-1118
 - CVE-2018-5390
 - CVE-2018-6412
 - CVE-2018-8897
 - CVE-2018-10853
 - CVE-2018-10840
 - CVE-2018-10876
 - CVE-2018-10877
 - CVE-2018-10879
 - CVE-2018-10880
 - CVE-2018-10881
 - CVE-2018-10882
 - CVE-2018-10883
 - CVE-2018-11412
 - CVE-2018-12904
 - CVE-2018-13405
 - CVE-2018-14678
src:
  6:
   core:
     - kernel-tmb-4.14.62-1.mga6
description: |
  This kernel-tmb update is based on the upstream 4.14.62 and fixes at least
  the following security issues:

  kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1,
  kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the
  Linux kernel's KVM hypervisor handled exceptions delivered after a stack
  switch operation via Mov SS or Pop SS instructions. During the stack switch
  operation, the processor did not deliver interrupts and exceptions, rather
  they are delivered once the first instruction after the stack switch is
  executed. An unprivileged KVM guest user could use this flaw to crash the
  guest or, potentially, escalate their privileges in the guest
  (CVE-2018-1087).

  Linux kernel vhost since version 4.8 does not properly initialize memory in
  messages passed between virtual guests and the host operating system in the
  vhost/vhost.c:vhost_new_msg() function. This can allow local privileged
  users to read some kernel memory contents when reading from the
  /dev/vhost-net device file (CVE-2018-1118).

  Security researchers from FICORA have identified a remote denial of service
  attack against the Linux kernel caused by inefficient implementation of TCP
  segment reassembly, named "SegmentSmack". A remote attacker could consume a
  lot of CPU resources in the kernel networking stack with just a low
  bandwidth or single host attack by using lots of small TCP segments packets.
  Usually large botnets are needed for similar effect. The rate needed for
  this denial of service attack to be effective is several magnitudes lower
  than the usual packet processing capability of the machine, as the attack
  exploits worst case behaviour of existing algorithms (CVE-2018-5390).

  In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in
  the Linux kernel through 4.15, an integer signedness error allows arbitrary
  information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands
  (CVE-2018-6412).

  In some circumstances, some operating systems or hypervisors may not expect
  or properly handle an Intel architecture hardware debug exception. The error
  appears to be due to developer interpretation of existing documentation for
  certain Intel architecture interrupt/exception instructions, namely MOV SS
  and POP SS. An authenticated attacker may be able to read sensitive data in
  memory or control low-level operating system functions (CVE-2018-8897).

  Linux kernel is vulnerable to a heap-based buffer overflow in the
  fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit
  this by operating on a mounted crafted ext4 image (CVE-2018-10840).

  The kvm functions that were used in the emulation of fxrstor, fxsave, sgdt
  and sidt were originally meant for task switching, and as such they did not
  check privilege levels. This allowed guest userspace to guest kernel write
  (CVE-2018-10853).

  A flaw was found in Linux kernel ext4 File System. A use-after-free in
  ext4_ext_remove_space() when mounting and operating a crafted ext4 image
  (CVE-2018-10876).

  Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the
  ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem
  image (CVE-2018-10877).

  A flaw was found in Linux kernel ext4 filesystem. A local user can cause a
  use-after-free in ext4_xattr_set_entry function and so a denial of service
  or possibly unspecified other impact when renaming a file in a crafted ext4
  filesystem image (CVE-2018-10879).

  A flaw was found in Linux kernel ext4 filesystem code. A stack-out-of-bounds
  write in ext4_update_inline_data() is possible when mounting and writing to
  a crafted ext4 image. An attacker could use this to cause a system crash and
  a denial of service (CVE-2018-10880).

  A flaw was found in Linux kernel ext4 filesystem. A local user can cause an
  out-of-bound access in ext4_get_group_info function and so a denial of
  service and a system crash by mounting and operating on a crafted ext4
  filesystem image (CVE-2018-10881).

  A flaw was found in Linux kernel ext4 File System. An out-of-bound write
  when unmounting a crafted ext4 image in fs/jbd2/transaction.c. An attacker
  could use this to cause a denial of service (system crash)
  (CVE-2018-10882).

  A flaw was found in Linux kernel ext4 File System. An out-of-bound write in
  jbd2_journal_dirty_metadata() that kernel cannot handle when mounting and
  operating a crafted ext4 image. An attacker could use this to cause a denial
  of service (system crash) (CVE-2018-10883).

  In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in
  fs/ext4/inline.c performs a memcpy with an untrusted length value in certain
  circumstances involving a crafted filesystem that stores the system.data
  extended attribute value in a dedicated inode (CVE-2018-11412).

  In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested
  virtualization is used, local attackers could cause L1 KVM guests to VMEXIT,
  potentially allowing privilege escalations and denial of service attacks due
  to lack of checking of CPL (CVE-2018-12904).

  The inode_init_owner function in fs/inode.c in the Linux kernel through
  4.17.4 allows local users to create files with an unintended group
  ownership, in a scenario where a directory is SGID to a certain group and is
  writable by a user who is not a member of that group. Here, the non-member
  can trigger creation of a plain file whose group ownership is that group.
  The intended behavior was that the non-member can trigger creation of a
  directory (but not a plain file) whose group ownership is that group. The
  non-member can escalate privileges by making the plain file executable and
  SGID (CVE-2018-13405).

  An issue was discovered in the Linux kernel through 4.17.11, as used in Xen
  through 4.11.x. The xen_failsafe_callback entry point in
  arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local
  users to cause a denial of service (uninitialized memory usage and system
  crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest
  OS crash or possibly gain privileges (CVE-2018-14678).

  Other changes in this update:
  * WireGuard has been updated to 0.0.20180802
  * enable Mellanox5 support (mga#23263)
  * enable SMARTPQI support (mga#23305)
  * ext4: check for allocation block validity with block group locked,
    fixes possible data corruption under heavy load
  * Add PCI ID for Cannon Lake PCH-LP and Ice Lake LP AHCI

  For other upstream fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23418
 - https://www.securityweek.com/segmentsmack-flaw-linux-kernel-allows-remote-dos-attacks
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.45
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.46
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.47
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.48
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.49
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.50
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.51
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.52
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.53
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.54
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.55
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.56
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.57
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.58
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.59
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.60
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.61
 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.62
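
An added example, not part of the advisory or of Mageia's tooling: CVE-2018-13405 only matters where a setgid directory is writable by users outside its group, so this Python audit lists such directories under a tree. The function names and the sample tree are constructed for illustration, and the check looks at mode bits only (POSIX ACLs are not evaluated).

```python
import os
import stat
import tempfile


def find_exposed_sgid_dirs(root):
    """Return sorted (path, gid, mode) for setgid dirs writable by 'other'.

    Hypothetical helper: these are the directories in which a user who is
    not a member of the owning group can create entries, the precondition
    described for CVE-2018-13405. Mode bits only; ACLs are not evaluated.
    """
    candidates = [root]
    for dirpath, dirnames, _ in os.walk(root, followlinks=False):
        candidates.extend(os.path.join(dirpath, d) for d in dirnames)
    hits = []
    for path in candidates:
        try:
            st = os.lstat(path)
        except OSError:
            continue  # vanished or unreadable; skip
        if not stat.S_ISDIR(st.st_mode):
            continue  # symlink to a directory, not a directory itself
        if st.st_mode & stat.S_ISGID and st.st_mode & stat.S_IWOTH:
            hits.append((path, st.st_gid, stat.S_IMODE(st.st_mode)))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample: one exposed dir and two that must not be reported."""
    layout = {"shared": 0o2777, "team": 0o2770, "scratch": 0o1777}
    for name, mode in layout.items():
        path = os.path.join(base, name)
        os.mkdir(path)
        os.chown(path, -1, os.getegid())  # keep setgid from being dropped
        os.chmod(path, mode)
    return layout


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for path, gid, mode in find_exposed_sgid_dirs(base):
            print(f"{oct(mode)} gid={gid} {path}")
```

Only the 2777 directory is reported: 2770 is writable by group members alone, and 1777 has no setgid bit, so neither matches the scenario in the CVE text.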
Whiteboard: (none) => mga6-64-ok, mga6-32-ok
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0340.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED