MGASA-2022-0194

Description

Updated kernel packages fix security vulnerabilities This kernel update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. NOTE: Mageia kernels by default prevents unprivileged users from being able to use eBPF so this would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space (CVE-2022-0500). Due to the small table perturb size, a memory leak flaw was found in the Linux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service (CVE-2022-1012). A flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulating the NFC device from the user space (CVE-2022-1734). A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue. NOTE: Mageia kernels by default prevents unprivileged users from being able to use eBPF so this would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space (CVE-2022-23222). The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state (CVE-2022-28893). Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root (CVE-2022-29581). Other fixes in this update: - nfsd: Fix a write performance regression - x86/mm: Include spinlock_t definition in pgtable.h For other upstream fixes, see the referenced changelogs.

Affected Systems

• mageia•kernel

  < 5.15.41-1.mga8

• mageia•kmod-virtualbox

  < 6.1.34-1.7.mga8

• mageia•kmod-xtables-addons

  < 3.20-1.3.mga8

References (8)

• https://advisories.mageia.org/MGASA-2022-0194.html
• https://bugs.mageia.org/show_bug.cgi?id=30435
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41