Mageia 8 MGASA-2022-0021 Critical: Addressing Kernel Security Flaws
mageia
January 18, 2022
This kernel update is based on upstream 5.15.15 and fixes atleast the following security issues: A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem ...
Summary
This kernel update is based on upstream 5.15.15 and fixes atleast the
following security issues:
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS
filesystem allowed for size increase of files with unaligned size. A
local attacker could use this flaw to leak data on the XFS filesystem
otherwise not accessible to them (CVE-2021-4155).
An unprivileged write to the file handler flaw in the Linux kernel's
control groups and namespaces subsystem was found in the way users have
access to some less privileged process that are controlled by cgroups and
have higher privileged parent process. It is actually both for cgroup2
and cgroup1 versions of control groups. A local user could use this flaw
to crash the system or escalate their privileges on the system
(CVE-2021-4197).
Lack of proper validation of user-supplied eBPF programs prior to executing
them. An attacker can leverage this vulnerability to escalate privileges
and execute code in the context of the kernel (CVE-2...
References
- https://bugs.mageia.org/show_bug.cgi?id=29879
- https://bugs.mageia.org/show_bug.cgi?id=29852
- https://bugs.mageia.org/show_bug.cgi?id=29784
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.12
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.14
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.15
- https://www.cve.org/CVERecord?id=CVE-2021-4155
- https://www.cve.org/CVERecord?id=CVE-2021-4197
- https://www.cve.org/CVERecord?id=CVE-2021-4204
- https://www.cve.org/CVERecord?id=CVE-2021-44733
- https://www.cve.org/CVERecord?id=CVE-2021-45095
- https://www.cve.org/CVERecord?id=CVE-2021-45100
- https://www.cve.org/CVERecord?id=CVE-2022-23222
Topics Covered
Resolution
SRPMS
- 8/core/kernel-5.15.15-1.mga8
- 8/core/kmod-virtualbox-6.1.30-1.12.mga8
- 8/core/kmod-xtables-addons-3.18-1.46.mga8
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 18 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0021.html
Type: security
CVE: CVE-2021-4155,
CVE-2021-4197,
CVE-2021-4204,
CVE-2021-44733,
CVE-2021-45095,
CVE-2021-45100,
CVE-2022-23222
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!