{"id":"MGASA-2020-0041","summary":"Updated kernel packages fix security vulnerabilities","details":"This update is based on upstream 5.4.12 and fixes at least the following\nsecurity vulnerabilities:\n\nIntel GPU Hardware prior to Gen11 does not clear EU state during a\ncontext switch. This can result in information leakage between\ncontexts (CVE-2019-14615).\n\nA heap-based buffer overflow was discovered in the Marvell WiFi chip\ndriver. The flaw could occur when the station attempts a connection\nnegotiation during the handling of the remote devices country settings.\nThis could allow the remote device to cause a denial of service (system\ncrash) or possibly execute arbitrary code (CVE-2019-14895).\n\nFor other fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T04:44:28.944615193Z","published":"2020-01-17T10:16:50Z","upstream":["CVE-2019-14615","CVE-2019-14895"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0041.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26078"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.11"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.12-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0041.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.14-20.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0041.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7-10.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0041.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}