Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Mageia 8 MGASA-2022-0022 High: Kernel Data Leak And Escalation

mageia
Calendar Grey January 18, 2022
Dist Mageia Esm H88
Debian releases a new version of the LibreOffice suite, addressing critical bugs and enhancing performance across various platforms.
This kernel-linus update is based on upstream 5.15.15 and fixes atleast the following security issues: A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS files...

Summary

This kernel-linus update is based on upstream 5.15.15 and fixes atleast the following security issues:
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them (CVE-2021-4155).
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system (CVE-2021-4197).
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29880

- https://bugs.mageia.org/show_bug.cgi?id=29852

- https://bugs.mageia.org/show_bug.cgi?id=29784

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.12

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.14

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.15

- https://www.cve.org/CVERecord?id=CVE-2021-4155

- https://www.cve.org/CVERecord?id=CVE-2021-4197

- https://www.cve.org/CVERecord?id=CVE-2021-44733

- https://www.cve.org/CVERecord?id=CVE-2021-45095

- https://www.cve.org/CVERecord?id=CVE-2021-45100

- https://www.cve.org/CVERecord?id=CVE-2022-23222

Topics%20covered

Topics Covered

security advisory privilege escalation kernel data leak Mageia unprivileged access XFS filesystem

Resolution

SRPMS

- 8/core/kernel-linus-5.15.15-1.mga8

Publication date: 18 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0022.html
Type: security
CVE: CVE-2021-4155, CVE-2021-4197, CVE-2021-44733, CVE-2021-45095, CVE-2021-45100, CVE-2022-23222

Topics%20covered

Topics Covered

security advisory privilege escalation kernel data leak Mageia unprivileged access XFS filesystem

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here