Fedora 35: 2022-484e226872 Critical Local Privilege Escalation Fix

fedora

August 13, 2022

The 5.18.17 stable kernel update contains a number of important fixes across the tree.

Summary

The kernel meta package

The 5.18.17 stable kernel update contains a number of important fixes across the

tree.

* Thu Aug 11 2022 Justin M. Forbes [5.18.17-0]

- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo)

- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo)

- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo)

- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo)

- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo)

- Linux v5.18.16 (Justin M. Forbes)

[ 1 ] Bug #2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

https://bugzilla.redhat.com/show_bug.cgi?id=2114849

[ 2 ] Bug #2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation

https://bugzilla.redhat.com/show_bug.cgi?id=2114874

[ 3 ] Bug #2114878 - CVE-2022-2586 kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation

https://bugzilla.redhat.com/show_bug.cgi?id=2114878

su -c 'dnf upgrade --advisory FEDORA-2022-484e226872' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics Covered

security advisory kernel update local privilege escalation critical fix Fedora 35

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 35

Version: 5.18.17

Release: 100.fc35

URL: https://www.kernel.org/

Summary: The Linux kernel

Topics Covered

security advisory kernel update local privilege escalation critical fix Fedora 35

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 35: 2022-484e226872 Critical Local Privilege Escalation Fix

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 35: 2022-484e226872 Critical Local Privilege Escalation Fix

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!