Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Mageia 8: 2022-0092 Moderate: Kernel Code Injection and Memory Corruption

mageia
Calendar Grey March 7, 2022
Dist Mageia Esm H88
The recent kernel upgrade for Mageia resolves several security vulnerabilities, including potential arbitrary code execution and issues related to memory corruption.
This kernel update is based on upstream 5.15.25 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variab...

Summary

This kernel update is based on upstream 5.15.25 and fixes at least the following security issues:
A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem. It can be used to inject code into arbitrary processes (CVE-2022-0847).
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur (CVE-2022-25258).
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (CVE-2022-25375).
For other upstream fixes, see t...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30131

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.25

- https://www.cve.org/CVERecord?id=CVE-2022-0847

- https://www.cve.org/CVERecord?id=CVE-2022-25258

- https://www.cve.org/CVERecord?id=CVE-2022-25375

Resolution

SRPMS

- 8/core/kernel-5.15.25-1.mga8

- 8/core/kmod-virtualbox-6.1.32-1.7.mga8

- 8/core/kmod-xtables-addons-3.18-1.57.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 07 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0092.html
Type: security
CVE: CVE-2022-0847, CVE-2022-25258, CVE-2022-25375

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here