{"id":"MGASA-2018-0187","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on the upstream 4.14.30 and fixes at least\nthe following security issues:\n\nThe KPTI mitigation for Meltdown (CVE-2017-5754) on 32bit x86 has been\nupdated to revision 4.\n\nA flaw was found in the Linux kernel implementation of 32 bit syscall\ninterface for bridging allowing a privileged user to arbitrarily write\nto a limited range of kernel memory. This flaw can be exploited not only\nby a system's privileged user (a real \"root\" user), but also by an\nattacker who is a privileged user (a \"root\" user) in a user+network\nnamespace (CVE-2018-1068).\n\nA race condition vulnerability exists in the sound system, that can\nlead to a deadlock and denial of service condition (CVE-2018-1000004).\n\nOther changes in this update:\n\n3rdparty rtl8812au driver has been updated to v5.2.20 (mga#22808) and\nadds fixes for KRACK security issue.\n\nFor other upstream fixes in this update, read the referenced changelogs.\n","modified":"2026-02-04T02:16:01.645696Z","published":"2018-03-30T14:21:59Z","related":["CVE-2017-5754","CVE-2018-1000004","CVE-2018-1068"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0187.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22832"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22808"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.26"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.27"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.28"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.29"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.30"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.30-3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0187.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.30-3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0187.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.8-6.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0187.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.8-6.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0187.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13-26.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0187.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}