MGASA-2022-0195
Vulnerability Summary
Timeline
Description
Updated kernel-linus packages fix security vulnerabilities This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. NOTE: Mageia kernels by default prevents unprivileged users from being able to use eBPF so this would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space (CVE-2022-0500). Due to the small table perturb size, a memory leak flaw was found in the Linux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service (CVE-2022-1012). A flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulating the NFC device from the user space (CVE-2022-1734). A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue. NOTE: Mageia kernels by default prevents unprivileged users from being able to use eBPF so this would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space (CVE-2022-23222). The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state (CVE-2022-28893). Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root (CVE-2022-29581). For other upstream fixes, see the referenced changelogs.
Affected Systems
- mageia•kernel-linus
< 5.15.41-1.mga8
References (8)
- https://advisories.mageia.org/MGASA-2022-0195.html
- https://bugs.mageia.org/show_bug.cgi?id=30436
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41