Mageia: 2022-0101 Critical Kernel-Linus Security Update for Intel
mageia
March 14, 2022
This kernel-linus update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in s...
Summary
This kernel-linus update is based on upstream 5.15.28 and fixes at least
the following security issues:
Non-transparent sharing of branch predictor selectors between contexts
in some Intel(R) Processors may allow an authorized user to potentially
enable information disclosure via local access (CVE-2022-0001).
Non-transparent sharing of branch predictor within a context in some
Intel(R) Processors may allow an authorized user to potentially enable
information disclosure via local access (CVE-2022-0002).
Several Linux PV device frontends are using the grant table interfaces
for removing access rights of the backends in ways being subject to
race conditions, resulting in potential data leaks, data corruption
by malicious backends, and denial of service triggered by malicious
backends:
blkfront, netfront, scsifront and the gntalloc driver are testing
whether a grant reference is still in use. If this is not the case,
they assume that a following removal of the granted access will always...
References
- https://bugs.mageia.org/show_bug.cgi?id=30158
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
- https://developer.arm.com/documentation/110280/latest
- https://seclists.org/oss-sec/2022/q1/173
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.28
- https://www.cve.org/CVERecord?id=CVE-2022-0001
- https://www.cve.org/CVERecord?id=CVE-2022-0002
- https://www.cve.org/CVERecord?id=CVE-2022-23036
- https://www.cve.org/CVERecord?id=CVE-2022-23037
- https://www.cve.org/CVERecord?id=CVE-2022-23038
- https://www.cve.org/CVERecord?id=CVE-2022-23039
- https://www.cve.org/CVERecord?id=CVE-2022-23040
- https://www.cve.org/CVERecord?id=CVE-2022-23041
- https://www.cve.org/CVERecord?id=CVE-2022-23042
- https://www.cve.org/CVERecord?id=CVE-2022-23960
Resolution
SRPMS
- 8/core/kernel-linus-5.15.28-1.mga8
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 14 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0101.html
Type: security
CVE: CVE-2022-0001,
CVE-2022-0002,
CVE-2022-23036,
CVE-2022-23037,
CVE-2022-23038,
CVE-2022-23039,
CVE-2022-23040,
CVE-2022-23041,
CVE-2022-23042,
CVE-2022-23960
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!