Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Mageia 8: MGASA-2022-0063 Critical: Kernel-Linus Security Issues

mageia
Calendar Grey February 15, 2022
Dist Mageia Esm H88
Mageia 2022-0064 enhances kernel-linus to address severe vulnerabilities, notably preventing stack overflow and unauthorized privilege elevation.
This kernel-linus update is based on upstream 5.15.23 and fixes atleast the following security issues: A stack overflow flaw was found in the Linux kernel TIPC protocol functional...

Summary

This kernel-linus update is based on upstream 5.15.23 and fixes atleast the following security issues:
A stack overflow flaw was found in the Linux kernel TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network (CVE-2022-0435).
A vulnerability was found in the Linux kernel cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly (CVE-2022-0492).
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace (CVE-2022-24122).
An issue was discove...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30031

- https://bugs.mageia.org/show_bug.cgi?id=29965

- https://www.cve.org/CVERecord?id=CVE-2022-0435

- https://www.cve.org/CVERecord?id=CVE-2022-0492

- https://www.cve.org/CVERecord?id=CVE-2022-24122

- https://www.cve.org/CVERecord?id=CVE-2022-24448

Topics%20covered

Topics Covered

security advisory privilege escalation stack overflow NFS issue Mageia kernel-linus

Resolution

SRPMS

- 8/core/kernel-linus-5.15.23-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 15 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0063.html
Type: security
CVE: CVE-2022-0435, CVE-2022-0492, CVE-2022-24122, CVE-2022-24448

Topics%20covered

Topics Covered

security advisory privilege escalation stack overflow NFS issue Mageia kernel-linus

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here