Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#61832 - [linux-hardened] [linux-lts] [linux-zen] [linux] CVE-2019-8912, CVE-2019-8980

Attached to Project: Arch Linux
Opened by Pascal E. (hardfalcon) - Friday, 22 February 2019, 09:02 GMT
Last edited by Jan de Groot (JGC) - Sunday, 16 June 2019, 05:31 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Tobias Powalowski (tpowa)
Andreas Radke (AndyRTR)
Jan Alexander Steffens (heftig)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


linux-hardened 4.20.11.a-1, linux-lts 4.19.24-1, linux 4.20.11.arch1 linux-zen 4.20.11.zen1-1 are all vulnerable to CVE-2019-8912 (local privilege escalation) and CVE-2019-8980 (DoS vulnerability).

To fix this, the following patches should be cherrypicked until upstream pushes out a new release:


This task depends upon

Closed by  Jan de Groot (JGC)
Sunday, 16 June 2019, 05:31 GMT
Reason for closing:  Fixed
Comment by loqs (loqs) - Friday, 22 February 2019, 10:00 GMT Comment by Levente Polyak (anthraxx) - Friday, 22 February 2019, 10:19 GMT
Was in the train so you managed to write before i was able to log in :D But I came to the very same conclusion, hence adding linux
Comment by Jan Alexander Steffens (heftig) - Friday, 22 February 2019, 13:08 GMT
Fixed in 4.20.11-arch2 and 4.20.11-zen2
Comment by Andreas Radke (AndyRTR) - Saturday, 23 February 2019, 16:49 GMT
fixed with 4.19.25 LTS kernel pushed to testing.