Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 2022-0062 Security Advisory: Critical Kernel Updates Address Issues

mageia
Calendar Grey February 15, 2022
Dist Mageia Esm H88
Kernel patch 2022-0062 for Mageia addresses severe vulnerabilities such as buffer overflow and unauthorized privilege elevation.
This kernel update is based on upstream 5.15.23 and fixes atleast the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in...

Summary

This kernel update is based on upstream 5.15.23 and fixes atleast the following security issues:
A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network (CVE-2022-0435).
A vulnerability was found in the Linux kernel cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly (CVE-2022-0492).
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur,...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30030

- https://bugs.mageia.org/show_bug.cgi?id=29965

- https://www.cve.org/CVERecord?id=CVE-2022-0435

- https://www.cve.org/CVERecord?id=CVE-2022-0492

- https://www.cve.org/CVERecord?id=CVE-2022-24448

Topics%20covered

Topics Covered

security advisory privilege escalation kernel system crash stack overflow NFS issue Mageia

Resolution

SRPMS

- 8/core/kernel-5.15.23-1.mga8

- 8/core/kmod-virtualbox-6.1.32-1.6.mga8

- 8/core/kmod-xtables-addons-3.18-1.56.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 15 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0062.html
Type: security
CVE: CVE-2022-0435, CVE-2022-0492, CVE-2022-24448

Topics%20covered

Topics Covered

security advisory privilege escalation kernel system crash stack overflow NFS issue Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here