MGASA-2022-0155 - Updated kernel-linus packages fix security vulnerabilities

Publication date: 28 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0155.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-0168,
     CVE-2022-1158,
     CVE-2022-1198,
     CVE-2022-1204,
     CVE-2022-1205,
     CVE-2022-1263,
     CVE-2022-1353,
     CVE-2022-28388,
     CVE-2022-28389,
     CVE-2022-28390,
     CVE-2022-29582

This kernel-linus update is based on upstream 5.15.35 and fixes at least the
following security issues:

A denial of service (DOS) issue was found in the Linux kernel 
smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
File System (CIFS) due to an incorrect return from the memdup_user function.
This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the
system (CVE-2022-0168).

x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region
(CVE-2022-1158).

A use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow
attacker to crash linux kernel by simulating Amateur Radio from user-space
(CVE-2022-1198).

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25
protocol functionality in the way a user connects with the protocol. This
flaw allows a local user to crash the system (CVE-2022-1204).

A NULL pointer dereference flaw was found in the Linux kernel’s Amateur
Radio AX.25 protocol functionality in the way a user connects with the
protocol. This flaw allows a local user to crash the system
(CVE-2022-1205).

A null pointer dereference was found in the kvm module which can lead to
denial of service (CVE-2022-1263).

A vulnerability was found in the pfkey_register function in net/key/af_key.c
in the Linux kernel. This flaw allows a local, unprivileged user to gain
access to kernel memory, leading to a system crash or a leak of internal
kernel information (CVE-2022-1353).

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28388).

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28389).

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28390).

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due
to a race condition in io_uring timeouts. This can be triggered by a local
user who has no access to any user namespace (CVE-2022-29582).

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30331
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.34
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.35
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582

SRPMS:
- 8/core/kernel-linus-5.15.35-1.mga8

Mageia 2022-0155: kernel-linus security update

This kernel-linus update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_q...

Summary

This kernel-linus update is based on upstream 5.15.35 and fixes at least the following security issues:
A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system (CVE-2022-0168).
x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158).
A use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow attacker to crash linux kernel by simulating Amateur Radio from user-space (CVE-2022-1198).
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system (CVE-2022-1204).
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system (CVE-2022-1205).
A null pointer dereference was found in the kvm module which can lead to denial of service (CVE-2022-1263).
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information (CVE-2022-1353).
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28388).
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28389).
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28390).
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace (CVE-2022-29582).
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=30331

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.34

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.35

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582

Resolution

MGASA-2022-0155 - Updated kernel-linus packages fix security vulnerabilities

SRPMS

- 8/core/kernel-linus-5.15.35-1.mga8

Severity
Publication date: 28 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0155.html
Type: security
CVE: CVE-2022-0168, CVE-2022-1158, CVE-2022-1198, CVE-2022-1204, CVE-2022-1205, CVE-2022-1263, CVE-2022-1353, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390, CVE-2022-29582

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved