Advisory, added to svn:

type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2019-14615
 - CVE-2019-14895
src:
  7:
   core:
     - kernel-5.4.12-1.mga7
     - kmod-virtualbox-6.0.14-20.mga7
     - kmod-xtables-addons-3.7-10.mga7
description: |
  This update is based on upstream 5.4.12 and fixes atleast the following
  security vulnerabilities:

  Intel GPU Hardware prior to Gen11 does not clear EU state during a
  context switch. This can result in information leakage between
  contexts (CVE-2019-14615).

  A heap-based buffer overflow was discovered in the Marvell WiFi chip
  driver. The flaw could occur when the station attempts a connection
  negotiation during the handling of the remote devices country settings.
  This could allow the remote device to cause a denial of service (system
  crash) or possibly execute arbitrary code (CVE-2019-14895).

  For other fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=26078
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.11
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12

Keywords: (none) => advisory

Hi!

I've installed the new kernel version on Mageia 7.1 Virtualbox x64.

No issues, no problems, boot fine.

Greetings.

CC: (none) => joselp

System:   Host: canopus Kernel: 5.4.12-desktop-1.mga7 x86_64
CPU:      10-Core: Intel Core i9-7900X type: MT MCP speed: 1201 MHz 
Machine:  Type: Desktop Mobo: ASUSTeK model: TUF X299 MARK 2 v: Rev 1.xx 
Graphics  Device-1: NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 430.64 
RAM:      31.05 GB

Updates went smoothly.  Reboot hung as usual on this machine.  Powered down and restarted OK.  stress tests OK.  glmark2 runs - at last.
Virtualbox launches Mageia clients OK.
$ sudo mount -a
brings up NFS shares.

All good here for this machine.  Shall try to avoid rebooting.

CC: (none) => tarazed25

On second thoughts tried a warm reboot on the comment 3 machine - it failed.  There is some kind of BIOS error reported at the beginning and there is some mechanical activity in the box; sounds like a repeated disk seek.  Unmounting the data disk and trying again.

No, that was a red herring.  The initial error is ACPI BIOS error: bug: failure to create object
or something like that.
Reinstated the data disk in fstab and mounted it.

The mechanical activity still occurred without the data disk being mounted.
No idea what to do about this problem - not possible to get diagnostics when the system freezes.

After update:
$ uname -a
Linux mach5.hviaene.thuis 5.4.12-desktop-1.mga7 #1 SMP Tue Jan 14 21:14:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Tried usual document types, sound, video, NFS access to remote shares, remote scanner, internet access. All OK

CC: (none) => herman.viaene

System:   Host: belexeuli Kernel: 5.4.12-desktop-1.mga7 x86_64 bits: 64 
CPU:      Quad Core: Intel Core i7-2600 type: MT MCP speed: 1597 MHz 
Machine:  Type: Desktop System: Alienware product: Alienware X51 v: 00 
Graphics  Device-1: Intel 2nd Generation Core Processor Family Integrated Graphics 
          Device-2: NVIDIA GF114 [GeForce GTX 555] driver: nvidia v: 390.132

Problems with the new kernel.  Unable to reboot.  Experimented for a couple of hours and got nowhere.  The trouble seems to lie in the area of nvidia graphics.  The boot process hangs just after the Plymouth boot screen is terminated.  Seemed likely that there was trouble with the dm or grahics driver so after reverting to 5.4.10 switched from gdm to sddm and tried again.  Still nothing but virtual consoles were available.  Logged in and saved the journal.  dmesg repeated 3 times: nvidia-modeset: version mismatch nvidia-modeset.ko (390.132) nvidia-modeset.ko (430.64).

390 should be chosen.  Re-installed nvidia graphics and tried again.  No-go.  dmesg showed the same mismatch as before.  Gave up on nvidia and switched to Xorg nouveau (drakx11).  Rebooted smoothly to the desktop.  This is a workstation, running fine on wifi.  stress tests completed.  glmark2 and teapot run.  Read a vcard in LibreOffice and exported it as a PDF.  Stellarium launches, slowly, but the sky comes up in an ominous red (climate change perhaps ;-) ).  

Looks like the kernel is OK on this hardware as long as nvidia is avoided.  Not a problem on this machine - used only for testing where advanced graphical capabilities are not normally needed.

(In reply to Len Lawrence from comment #7)
>  Logged in and
> saved the journal.  dmesg repeated 3 times: nvidia-modeset: version mismatch
> nvidia-modeset.ko (390.132) nvidia-modeset.ko (430.64).
> 
> 390 should be chosen.  Re-installed nvidia graphics and tried again.  No-go.


Please configure that system for nouveau or vesa, then remove any nvidia packages, recreate the initrd with "dracut -f" to get rid of all the nvidia modules. then reboot and reconfigure your system to use nvidia again, does it install nvidia390 or nvidia-current ?

Thanks Thomas.  On it.

For the record this is what the system holds just now:
nvidia390-doc-html-390.132-1.mga7.nonfree
x11-driver-video-nvidia390-390.132-1.mga7.nonfree
dkms-nvidia390-390.132-1.mga7.nonfree
dkms-nvidia-current-430.64-2.mga7.nonfree

Thanks for the quick diagnosis Thomas.  That did the trick.
$ rpm -qa | grep nvidia
nvidia390-doc-html-390.132-1.mga7.nonfree
dkms-nvidia390-390.132-1.mga7.nonfree
x11-driver-video-nvidia390-390.132-1.mga7.nonfree

NFS shares mounted automatically.  glmark2 runs with an average framerate about 40 times higher than with nouveau.
Launched a 32-bit Mageia client in virtualbox.  Played video in vlc.
stellarium functions normally.

Kernel is OK on this hardware.

on mga7-64  kernel-desktop  plasma

Packages installed cleanly:
- cpupower-5.4.12-1.mga7.x86_64
- kernel-desktop-5.4.12-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.4.12-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.4.12-1.mga7.x86_64
- kernel-desktop-latest-5.4.12-1.mga7.x86_64
- kernel-userspace-headers-5.4.12-1.mga7.x86_64
- virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.14-20.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.14-20.mga7.x86_64

system re-booted normally:
$ uname -r
5.4.12-desktop-1.mga7

# dkms status
virtualbox, 6.0.14-2.mga7, 5.4.12-desktop-1.mga7, x86_64: installed 
virtualbox, 6.0.14-2.mga7, 5.4.12-desktop-1.mga7, x86_64: installed-binary from 5.4.12-desktop-1.mga7

vbox and client launched normally

no regressions observed

looks OK for mga7-64 on this system:

Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1 
CPU: Intel Core i7-6700
Graphics: Intel HD Graphics 530 (Skylake GT2)

CC: (none) => jim

on mga7-32  in a vbox VM  kernel-desktop586  plasma

packages installed cleanly:
- cpupower-5.4.12-1.mga7.i586
- kernel-desktop586-5.4.12-1.mga7-1-1.mga7.i586
- kernel-desktop586-devel-5.4.12-1.mga7-1-1.mga7.i586
- kernel-desktop586-devel-latest-5.4.12-1.mga7.i586
- kernel-desktop586-latest-5.4.12-1.mga7.i586
- kernel-userspace-headers-5.4.12-1.mga7.i586

VM started normally:

$ uname -r
5.4.12-desktop586-1.mga7

# dkms status
vboxadditions, 6.0.14-2.mga7, 5.4.12-desktop586-1.mga7, i586: installed 

No regressions noted

OK for mga7-32 in a vbox VM

32-bit mate
installed in vbox and did some high video and cpu items

Worked fine.

CC: (none) => brtians1

Host: difda Kernel: 5.4.12-desktop-1.mga7 x86_64
Quad Core: Intel Core i7-4790 type: MT MCP
Device-1: NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 430.64

Updated 24 packages.
stress tests OK, glmark2 failed, stellarium runs, virtualbox works.
No problems with the desktop.
OK.

64 bit OK

My machine "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, Nvidia GTX760 (GK104) using proprietary driver GeForce 420 and later

Disk&Filesystem: SSD with EFI and ext 4 /boot, then an encrypted partition for LVM, containing swap and ext4 /home & /

Thunderbird, LibreOffice, FreeCad, Ktorrent, Syncthing, Nextcloud client...
Video with sound in Firefox
VirtualBox 6.0.14 running MSW7 incl host folder sharing, USB2 flash stick, firefox video with sound.
CUDA and OpenCL working, my Nvidia GPU is being used by BOINC.
Stress test: BOINC use all cores to 100%, then running virtualbox with MSW7 chewing windows update, and other programs in host i can use without problems.  Enabling BOINC to use GPU too desktop is occasionally a bit unresponsive as expected, but no other probl

Will continue using much as it is my workstation.

CC: (none) => fri

32 bit, physical server

- cpupower-5.4.12-1.mga7.i586
- kernel-server-5.4.12-1.mga7-1-1.mga7.i586
- kernel-server-latest-5.4.12-1.mga7.i586

rebooted

$ uname -a
Linux localhost 5.4.12-server-1.mga7 #1 SMP Tue Jan 14 22:48:47 UTC 2020 i686 i686 i386 GNU/Linux


Samba Server working
NextCloud/Apache working

In a Vbox client, M7.1, Gnome, 32-bit

Testing: kernel-desktop-latest cpupower

[root@localhost wilcal]# uname -a
Linux localhost 5.4.10-desktop586-1.mga7 #1 SMP Thu Jan 9 20:01:43 UTC 2020 i686 i686 i386 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop586-latest
Package kernel-desktop586-latest-5.4.10-1.mga7.i586 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.4.10-1.mga7.i586 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

Install kernel-desktop586-latest cpupower from updates testing

The following 6 packages are going to be installed:

- cpupower-5.4.12-1.mga7.i586
- kernel-desktop586-5.4.12-1.mga7-1-1.mga7.i586
- kernel-desktop586-latest-5.4.12-1.mga7.i586
- perl-5.28.2-2.mga7.i586
- perl-base-5.28.2-2.mga7.i586
- perl-doc-5.28.2-2.mga7.noarch

Reboot system.

[root@localhost wilcal]# uname -a
Linux localhost 5.4.12-desktop586-1.mga7 #1 SMP Tue Jan 14 21:09:02 UTC 2020 i686 i686 i386 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop586-latest
Package kernel-desktop586-latest-5.4.12-1.mga7.i586 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.4.12-1.mga7.i586 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

CC: (none) => wilcal.int

In a Vbox client, M7.1, Plasma, 64-bit

Testing: kernel-desktop-latest cpupower

[root@localhost wilcal]# uname -a
Linux localhost 5.4.10-desktop-1.mga7 #1 SMP Thu Jan 9 20:02:07 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-5.4.10-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.4.10-1.mga7.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

Install kernel-desktop-latest cpupower from updates testing

The following 6 packages are going to be installed:

- cpupower-5.4.12-1.mga7.x86_64
- kernel-desktop-5.4.12-1.mga7-1-1.mga7.x86_64
- kernel-desktop-latest-5.4.12-1.mga7.x86_64
- perl-5.28.2-2.mga7.x86_64
- perl-base-5.28.2-2.mga7.x86_64
- perl-doc-5.28.2-2.mga7.noarch

Reboot system.

[root@localhost wilcal]# uname -a
Linux localhost 5.4.12-desktop-1.mga7 #1 SMP Tue Jan 14 21:14:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-5.4.12-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.4.12-1.mga7.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

On real hardware, M7.1, Plasma, 64-bit

initial status:

kernel-desktop-latest
virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest
x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower

[root@localhost wilcal]# uname -a
Linux localhost 5.4.10-desktop-1.mga7 #1 SMP Thu Jan 9 20:02:07 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-5.4.10-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-6.0.14-2.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-5.4.10-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.4.10-1.mga7.x86_64 is already installed
[root@localhost wilcal]# lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia390
        
Mageia-7-Live-Xfce-i586.iso
Create a Vbox client. Works just fine. Boots to a working desktop.

install from update_testing:

kernel-desktop-latest
virtualbox-guest-additions virtualbox-kernel-desktop-latest
x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower

The following 11 packages are going to be installed:

- cpupower-5.4.12-1.mga7.x86_64
- kernel-desktop-5.4.12-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.4.12-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.4.12-1.mga7.x86_64
- kernel-desktop-latest-5.4.12-1.mga7.x86_64
- perl-5.28.2-2.mga7.x86_64
- perl-base-5.28.2-2.mga7.x86_64
- perl-doc-5.28.2-2.mga7.noarch
- virtualbox-guest-additions-6.0.16-1.mga7.x86_64
- virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.14-20.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.14-20.mga7.x86_64

[root@localhost wilcal]# uname -a
Linux localhost 5.4.12-desktop-1.mga7 #1 SMP Tue Jan 14 21:14:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-5.4.12-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-6.0.16-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-6.0.14-20.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-5.4.12-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.4.12-1.mga7.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia390
        
Mageia-7-Live-Xfce-i586.iso
Still works as a Vbox client. Boots to a working desktop.

Mageia-7-Live-GNOME-x86_64.iso
Create a Vbox client. Works just fine. Boots to a working desktop.

Mageia-7-x86_64.iso
Boots to a working desktop.
Updates then reboots back to a working desktop.

Enough tests, flushing out

Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK, MGA7-32-OK
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0041.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

All OK on 64 bit Plasma
resume from suspend: OK incl wifi
resume from hibernate: OK incl wifi
SSD, LVM, no encryption

(wifi have some other issue; switching bewtween access points, need manual disconnect a few seconds but no regression regarding kernel afaik)

Thinkpad T400 type 6474-1EG updated; 
RAM 6G, CPU core2duo T9800, intel GPU