MGASA-2022-0021 - Updated kernel packages fix security vulnerabilities

Publication date: 18 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0021.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-4155,
     CVE-2021-4197,
     CVE-2021-4204,
     CVE-2021-44733,
     CVE-2021-45095,
     CVE-2021-45100,
     CVE-2022-23222

This kernel update is based on upstream 5.15.15 and fixes atleast the
following security issues:

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS
filesystem allowed for size increase of files with unaligned size. A
local attacker could use this flaw to leak data on the XFS filesystem
otherwise not accessible to them (CVE-2021-4155).

An unprivileged write to the file handler flaw in the Linux kernel's
control groups and namespaces subsystem was found in the way users have
access to some less privileged process that are controlled by cgroups and
have higher privileged parent process. It is actually both for cgroup2
and cgroup1 versions of control groups. A local user could use this flaw
to crash the system or escalate their privileges on the system
(CVE-2021-4197).

Lack of proper validation of user-supplied eBPF programs prior to executing
them. An attacker can leverage this vulnerability to escalate privileges
and execute code in the context of the kernel (CVE-2021-4204).

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in
the Linux kernel through 5.15.11. This occurs because of a race condition
in tee_shm_get_from_id during an attempt to free a shared memory object
(CVE-2021-44733).

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8
has a refcount leak (CVE-2021-45095).

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8,
sometimes communicates in cleartext even though encryption has been enabled.
This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using
the SMB 3.1.1 protocol, which is a violation of the SMB protocol
specification. When Windows 10 detects this protocol violation, it disables
encryption (CVE-2021-45100).

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local
users to gain privileges because of the availability of pointer arithmetic
via certain *_OR_NULL pointer types (CVE-2022-23222).

In addition to the upstream changes, we also have changed the following:
- iwlwifi: mvm: check if SAR GEO is supported before sending command
- select: Fix indefinitely sleeping task in poll_schedule_timeout()
- ALSA: hda: Add AlderLake-N/P PCI ID
- enable NF_TABLES_INET, NFT_REJECT_INET and NFT_FIB_INET (mga#29852)
- disable CIFS_SMB_DIRECT on desktop kernels as it makes loading cifs
  deps fail on some setups (mga#29784)
- disable unprivileged bpf by default to mitigate other potential security
  issues with bpf

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29879
- https://bugs.mageia.org/show_bug.cgi?id=29852
- https://bugs.mageia.org/show_bug.cgi?id=29784
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.12
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.14
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.15
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4197
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4204
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44733
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45100
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222

SRPMS:
- 8/core/kernel-5.15.15-1.mga8
- 8/core/kmod-virtualbox-6.1.30-1.12.mga8
- 8/core/kmod-xtables-addons-3.18-1.46.mga8

Mageia 2022-0021: kernel security update

This kernel update is based on upstream 5.15.15 and fixes atleast the following security issues: A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem ...

Summary

This kernel update is based on upstream 5.15.15 and fixes atleast the following security issues:
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them (CVE-2021-4155).
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system (CVE-2021-4197).
Lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel (CVE-2021-4204).
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (CVE-2021-44733).
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak (CVE-2021-45095).
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption (CVE-2021-45100).
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types (CVE-2022-23222).
In addition to the upstream changes, we also have changed the following: - iwlwifi: mvm: check if SAR GEO is supported before sending command - select: Fix indefinitely sleeping task in poll_schedule_timeout() - ALSA: hda: Add AlderLake-N/P PCI ID - enable NF_TABLES_INET, NFT_REJECT_INET and NFT_FIB_INET (mga#29852) - disable CIFS_SMB_DIRECT on desktop kernels as it makes loading cifs deps fail on some setups (mga#29784) - disable unprivileged bpf by default to mitigate other potential security issues with bpf
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=29879

- https://bugs.mageia.org/show_bug.cgi?id=29852

- https://bugs.mageia.org/show_bug.cgi?id=29784

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.12

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.14

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.15

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4155

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4197

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4204

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44733

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45095

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45100

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222

Resolution

MGASA-2022-0021 - Updated kernel packages fix security vulnerabilities

SRPMS

- 8/core/kernel-5.15.15-1.mga8

- 8/core/kmod-virtualbox-6.1.30-1.12.mga8

- 8/core/kmod-xtables-addons-3.18-1.46.mga8

Severity
Publication date: 18 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0021.html
Type: security
CVE: CVE-2021-4155, CVE-2021-4197, CVE-2021-4204, CVE-2021-44733, CVE-2021-45095, CVE-2021-45100, CVE-2022-23222

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved