
Mageia 8 MGASA-2022-0121 Critical: Kernel Memory Security Issues

March 29, 2022
The latest Mageia kernel updates address various vulnerabilities, particularly those related to privilege escalation and potential denial of service threats.

Summary

This kernel update is based on upstream 5.15.32 and fixes at least the following security issues:
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system (CVE-2022-0995).
A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). A local user could use this flaw to gain unauthorized access to data from the FUSE filesystem and, as a result, potentially escalate privileges (CVE-2022-1011).
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue (CVE-2022-1015).
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c: nft_do_chain, which can cause a use-after-free. This issue needs to handle 'r...


References

- https://bugs.mageia.org/show_bug.cgi?id=30199

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.30

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.31

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.32

- https://www.cve.org/CVERecord?id=CVE-2022-0995

- https://www.cve.org/CVERecord?id=CVE-2022-1011

- https://www.cve.org/CVERecord?id=CVE-2022-1015

- https://www.cve.org/CVERecord?id=CVE-2022-1016

- https://www.cve.org/CVERecord?id=CVE-2022-1048

- https://www.cve.org/CVERecord?id=CVE-2022-26490

- https://www.cve.org/CVERecord?id=CVE-2022-27666

Resolution

SRPMS

- 8/core/kernel-5.15.32-1.mga8

- 8/core/kmod-virtualbox-6.1.32-1.14.mga8

- 8/core/kmod-xtables-addons-3.18-1.64.mga8

Severity
critical

Publication date: 29 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0121.html
Type: security
CVE: CVE-2022-0995, CVE-2022-1011, CVE-2022-1015, CVE-2022-1016, CVE-2022-1048, CVE-2022-26490, CVE-2022-27666
