
Mageia 8: MGASA-2022-0154 Moderate: Kernel Denial Of Service

April 28, 2022
Updates to the kernel address various concerns, such as system crashes and denial of service vulnerabilities, specifically for the Mageia platform.

Summary

This kernel update is based on upstream 5.15.35 and fixes at least the following security issues:
A denial of service (DoS) issue was found in the Linux kernel smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system (CVE-2022-0168).
x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158).
Use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow an attacker to crash the Linux kernel by simulating Amateur Radio from user-space (CVE-2022-1198).
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system (CVE-2022-1204).
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user ...


References

- https://bugs.mageia.org/show_bug.cgi?id=30330

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.34

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.35

- https://www.cve.org/CVERecord?id=CVE-2022-0168

- https://www.cve.org/CVERecord?id=CVE-2022-1158

- https://www.cve.org/CVERecord?id=CVE-2022-1198

- https://www.cve.org/CVERecord?id=CVE-2022-1204

- https://www.cve.org/CVERecord?id=CVE-2022-1205

- https://www.cve.org/CVERecord?id=CVE-2022-1263

- https://www.cve.org/CVERecord?id=CVE-2022-1353

- https://www.cve.org/CVERecord?id=CVE-2022-28388

- https://www.cve.org/CVERecord?id=CVE-2022-28389

- https://www.cve.org/CVERecord?id=CVE-2022-28390

- https://www.cve.org/CVERecord?id=CVE-2022-29582

Resolution

SRPMS

- 8/core/kernel-5.15.35-2.mga8

- 8/core/kmod-virtualbox-6.1.34-1.4.mga8

- 8/core/kmod-xtables-addons-3.20-1.mga8

- 8/core/xtables-addons-3.20-1.mga8

Publication date: 28 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0154.html
Type: security
CVE: CVE-2022-0168, CVE-2022-1158, CVE-2022-1198, CVE-2022-1204, CVE-2022-1205, CVE-2022-1263, CVE-2022-1353, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390, CVE-2022-29582
