{"id":"MGASA-2019-0185","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update provides the upstream 4.14.121. It adds additional\nfixes to the kernel side mitigations for the Microarchitectural\nData Sampling (MDS, also called ZombieLoad attack) vulnerabilities.\n\nIt also fixes the following security issues:\n\nA flaw was found in the Linux kernel's freescale hypervisor manager\nimplementation. A parameter passed via to an ioctl was incorrectly\nvalidated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory\nor, possibly, create other adverse security affects (CVE-2019-10142).\n\nfs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out\nthe unused memory region in the extent tree block, which might allow\nlocal users to obtain sensitive information by reading uninitialized\ndata in the filesystem (CVE-2019-11833).\n\nIt also fixes an upstream regression that caused older 'legacy'\nbluetooth adapters to stop working (mga #24840).\n\nFor other uptstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T04:44:09.854727428Z","published":"2019-05-30T09:01:50Z","upstream":["CVE-2019-10142","CVE-2019-11833"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0185.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24853"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24840"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.120"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.121"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.121-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0185.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.121-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0185.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.8-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0185.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.8-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0185.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13-86.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0185.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}