MGASA-2022-0212 - Updated kernel packages fix security vulnerabilities
Publication date: 28 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0212.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-1729,
CVE-2022-1789,
CVE-2022-21499
This kernel update is based on upstream 5.15.43 and fixes at least the
following security issues:
A race condition in the perf subsystem allows for a local privilege
escalation. NOTE: Mageia kernels by default has disabled the perf usage
for unprivileged users, effectively rendering this vulnerability harmless
(CVE-2022-1729).
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
(CVE-2022-1789).
Kernel could allow a remote attacker to bypass security restrictions,
caused by a lockdown break issue. By sending a specially-crafted request
using the kernel debugger, an attacker could exploit this vulnerability
to perform read and write access to kernel memory (CVE-2022-21499).
Other fixes in this update:
- ice: fix crash at allocation failure
For other upstream fixes, see the referenced changelogs.
References:
- https://bugs.mageia.org/show_bug.cgi?id=30475
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.42
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.43
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
SRPMS:
- 8/core/kernel-5.15.43-1.mga8
- 8/core/kmod-virtualbox-6.1.34-1.8.mga8
- 8/core/kmod-xtables-addons-3.20-1.4.mga8
Mageia 2022-0212: kernel security update
This kernel update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation
Summary
This kernel update is based on upstream 5.15.43 and fixes at least the
following security issues:
A race condition in the perf subsystem allows for a local privilege
escalation. NOTE: Mageia kernels by default has disabled the perf usage
for unprivileged users, effectively rendering this vulnerability harmless
(CVE-2022-1729).
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
(CVE-2022-1789).
Kernel could allow a remote attacker to bypass security restrictions,
caused by a lockdown break issue. By sending a specially-crafted request
using the kernel debugger, an attacker could exploit this vulnerability
to perform read and write access to kernel memory (CVE-2022-21499).
Other fixes in this update:
- ice: fix crash at allocation failure
For other upstream fixes, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=30475
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.42
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.43
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
Resolution
MGASA-2022-0212 - Updated kernel packages fix security vulnerabilities
SRPMS
- 8/core/kernel-5.15.43-1.mga8
- 8/core/kmod-virtualbox-6.1.34-1.8.mga8
- 8/core/kmod-xtables-addons-3.20-1.4.mga8
Severity
Publication date: 28 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0212.html
Type: security
CVE: CVE-2022-1729,
CVE-2022-1789,
CVE-2022-21499
News
HOWTOs
Features
How To Hide Your IP And Keep From Being Tracked
Which Browser is Best for Online Security?
Complete Guide to Using Wapiti Web Vulnerability Scanner to Keep Your Web Applications & Websites Secure
Guide to Web Application Penetration Testing
Thank You for Participating in Our Security Dashboard Redesign Survey
About Us
Powered By
