Mageia 8: MGASA-2022-0155 Critical DoS and Memory Issues
mageia
April 28, 2022
This kernel-linus update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_q...
Summary
This kernel-linus update is based on upstream 5.15.35 and fixes at least the
following security issues:
A denial of service (DOS) issue was found in the Linux kernel
smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
File System (CIFS) due to an incorrect return from the memdup_user function.
This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the
system (CVE-2022-0168).
x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region
(CVE-2022-1158).
A use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow
attacker to crash linux kernel by simulating Amateur Radio from user-space
(CVE-2022-1198).
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25
protocol functionality in the way a user connects with the protocol. This
flaw allows a local user to crash the system (CVE-2022-1204).
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur
Radio AX.25 protocol functionality in the way a...
References
- https://bugs.mageia.org/show_bug.cgi?id=30331
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.34
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.35
- https://www.cve.org/CVERecord?id=CVE-2022-0168
- https://www.cve.org/CVERecord?id=CVE-2022-1158
- https://www.cve.org/CVERecord?id=CVE-2022-1198
- https://www.cve.org/CVERecord?id=CVE-2022-1204
- https://www.cve.org/CVERecord?id=CVE-2022-1205
- https://www.cve.org/CVERecord?id=CVE-2022-1263
- https://www.cve.org/CVERecord?id=CVE-2022-1353
- https://www.cve.org/CVERecord?id=CVE-2022-28388
- https://www.cve.org/CVERecord?id=CVE-2022-28389
- https://www.cve.org/CVERecord?id=CVE-2022-28390
- https://www.cve.org/CVERecord?id=CVE-2022-29582
Topics Covered
Resolution
SRPMS
- 8/core/kernel-linus-5.15.35-1.mga8
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 28 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0155.html
Type: security
CVE: CVE-2022-0168,
CVE-2022-1158,
CVE-2022-1198,
CVE-2022-1204,
CVE-2022-1205,
CVE-2022-1263,
CVE-2022-1353,
CVE-2022-28388,
CVE-2022-28389,
CVE-2022-28390,
CVE-2022-29582
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!