
Mageia 8: MGASA-2022-0195 Moderate: Kernel Security Issues and Fixes

May 21, 2022
The latest kernel update for Mageia addresses multiple security vulnerabilities such as privilege escalation flaws and memory leak issues.

Summary

This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues:
A flaw was found in unrestricted eBPF usage by BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash the system or escalate their privileges. NOTE: Mageia kernels by default prevent unprivileged users from using eBPF, so abusing this flaw would require a privileged user with CAP_SYS_ADMIN or root, which reduces its attack surface (CVE-2022-0500).
Due to the small table perturb size, a memory leak flaw was found in the Linux kernel’s TCP source port generation algorithm in net/ipv4/tcp.c. This flaw allows an attacker to leak information and may cause a denial of service (CVE-2022-1012).
A flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulati...


References

- https://bugs.mageia.org/show_bug.cgi?id=30436

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41

- https://www.cve.org/CVERecord?id=CVE-2022-0500

- https://www.cve.org/CVERecord?id=CVE-2022-1012

- https://www.cve.org/CVERecord?id=CVE-2022-1734

- https://www.cve.org/CVERecord?id=CVE-2022-23222

- https://www.cve.org/CVERecord?id=CVE-2022-28893

- https://www.cve.org/CVERecord?id=CVE-2022-29581

Resolution

SRPMS

- 8/core/kernel-linus-5.15.41-1.mga8
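
A host-side check for the two conditions this advisory turns on, added here as an example (it is not part of the Mageia advisory): whether the running kernel is at or past upstream 5.15.41, and whether unprivileged eBPF is disabled via the kernel.unprivileged_bpf_disabled sysctl. The function names are illustrative, and comparing the upstream base of `uname -r` against 5.15.41 is an assumption about how the installed kernel reports its version.

```shell
#!/bin/sh
# Added example, not from the advisory: check a host against MGASA-2022-0195.
FIXED="5.15.41"   # upstream version the fixed kernel-linus package is based on

# Strip the distro suffix: "5.15.41-1.mga8" -> "5.15.41"
base_version() {
    printf '%s\n' "${1%%-*}"
}

# Return 0 if dotted version $1 >= $2, comparing numerically field by field.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop any non-numeric tail
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Interpret the value of kernel.unprivileged_bpf_disabled.
bpf_state() {
    case $1 in
        0) echo "allowed" ;;          # unprivileged users may call bpf()
        1) echo "disabled-locked" ;;  # disabled, cannot be re-enabled until reboot
        2) echo "disabled" ;;         # disabled, but an admin can change it
        *) echo "unknown" ;;
    esac
}

# $1 = output of `uname -r`, $2 = sysctl value
assess() {
    if version_ge "$(base_version "$1")" "$FIXED"; then
        echo "kernel=fixed unprivileged_bpf=$(bpf_state "$2")"
    else
        echo "kernel=needs-update unprivileged_bpf=$(bpf_state "$2")"
    fi
}

# Live check on the current host.
val=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo "?")
assess "$(uname -r)" "$val"
```

A result of `kernel=needs-update unprivileged_bpf=allowed` is the combination to prioritise: the CVE-2022-0500 note above only narrows exposure while unprivileged eBPF stays disabled.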

Publication date: 21 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0195.html
Type: security
CVE: CVE-2022-0500, CVE-2022-1012, CVE-2022-1734, CVE-2022-23222, CVE-2022-28893, CVE-2022-29581
