Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Mageia 8: MGASA-2022-0194 Moderate: Kernel Security Flaws

mageia
Calendar Grey May 21, 2022
Dist Mageia Esm H88
Kernel revision MGASA-2022-0194 tackles vulnerabilities, such as potential privilege escalation and leakage of memory.
This kernel update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a pos...

Summary

This kernel update is based on upstream 5.15.41 and fixes at least the following security issues:
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. NOTE: Mageia kernels by default prevents unprivileged users from being able to use eBPF so this would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space (CVE-2022-0500).
Due to the small table perturb size, a memory leak flaw was found in the Linux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service (CVE-2022-1012).
A flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulating the...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30435

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41

- https://www.cve.org/CVERecord?id=CVE-2022-0500

- https://www.cve.org/CVERecord?id=CVE-2022-1012

- https://www.cve.org/CVERecord?id=CVE-2022-1734

- https://www.cve.org/CVERecord?id=CVE-2022-23222

- https://www.cve.org/CVERecord?id=CVE-2022-28893

- https://www.cve.org/CVERecord?id=CVE-2022-29581

Resolution

SRPMS

- 8/core/kernel-5.15.41-1.mga8

- 8/core/kmod-virtualbox-6.1.34-1.7.mga8

- 8/core/kmod-xtables-addons-3.20-1.3.mga8

Publication date: 21 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0194.html
Type: security
CVE: CVE-2022-0500, CVE-2022-1012, CVE-2022-1734, CVE-2022-23222, CVE-2022-28893, CVE-2022-29581

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here