Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Mageia 8: MGASA-2022-0100 Critical: Kernel Security Flaws Revealed

mageia
Calendar Grey March 14, 2022
Dist Mageia Esm H88
The MGASA-2023-0200 kernel update resolves various vulnerabilities for Mageia 9, strengthening overall system security.
This kernel update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some In...

Summary

This kernel update is based on upstream 5.15.28 and fixes at least the following security issues:
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access (CVE-2022-0001).
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access (CVE-2022-0002).
Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends:
blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succe...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30157

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html

- https://developer.arm.com/documentation/110280/latest

- https://seclists.org/oss-sec/2022/q1/173

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.26

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.28

- https://www.cve.org/CVERecord?id=CVE-2022-0001

- https://www.cve.org/CVERecord?id=CVE-2022-0002

- https://www.cve.org/CVERecord?id=CVE-2022-23036

- https://www.cve.org/CVERecord?id=CVE-2022-23037

- https://www.cve.org/CVERecord?id=CVE-2022-23038

- https://www.cve.org/CVERecord?id=CVE-2022-23039

- https://www.cve.org/CVERecord?id=CVE-2022-23040

- https://www.cve.org/CVERecord?id=CVE-2022-23041

- https://www.cve.org/CVERecord?id=CVE-2022-23042

- https://www.cve.org/CVERecord?id=CVE-2022-23960

Resolution

SRPMS

- 8/core/kernel-5.15.28-1.mga8

- 8/core/kmod-virtualbox-6.1.32-1.8.mga8

- 8/core/kmod-xtables-addons-3.18-1.58.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 14 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0100.html
Type: security
CVE: CVE-2022-0001, CVE-2022-0002, CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042, CVE-2022-23960

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here