
Mageia 8: 2022-0212 Moderate: Kernel Escalation and Unapproved Access Risks

May 28, 2022

Summary

This kernel update is based on upstream 5.15.43 and fixes at least the following security issues:

- A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels have perf usage disabled for unprivileged users by default, effectively rendering this vulnerability harmless (CVE-2022-1729).
- KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID (CVE-2022-1789).
- The kernel could allow a remote attacker to bypass security restrictions, caused by a lockdown break issue. By sending a specially-crafted request using the kernel debugger, an attacker could exploit this vulnerability to gain read and write access to kernel memory (CVE-2022-21499).

Other fixes in this update:

- ice: fix crash at allocation failure

For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=30475

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.42

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.43

- https://www.cve.org/CVERecord?id=CVE-2022-1729

- https://www.cve.org/CVERecord?id=CVE-2022-1789

- https://www.cve.org/CVERecord?id=CVE-2022-21499

Resolution

SRPMS

- 8/core/kernel-5.15.43-1.mga8

- 8/core/kmod-virtualbox-6.1.34-1.8.mga8

- 8/core/kmod-xtables-addons-3.20-1.4.mga8
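
To check a host against this advisory, the following added example (not part of the Mageia advisory) compares the running kernel with upstream 5.15.43 and prints the perf and lockdown settings related to CVE-2022-1729 and CVE-2022-21499. The function names and the sample release string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): compare the running kernel with the
# upstream version this update is based on, and show two related settings.
FIXED="5.15.43"   # upstream version named in the advisory

# Print the leading x.y.z of a kernel release string such as the constructed
# sample "5.15.43-desktop-1.mga8"; print nothing if it does not parse.
kver() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p'
}

# Return 0 if dotted version $1 >= $2, comparing each field numerically.
ver_ge() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Return 0 if release $1 is at or past FIXED, 1 if older, 2 if unparseable.
kernel_is_fixed() {
    v=$(kver "$1")
    [ -n "$v" ] || return 2
    ver_ge "$v" "$FIXED"
}

# Report on the running host. The installed package only takes effect after a
# reboot, so the running kernel (uname -r) is what gets compared.
report_host() {
    rel=$(uname -r)
    rc=0; kernel_is_fixed "$rel" || rc=$?
    case $rc in
        0) echo "kernel $rel: at or past $FIXED" ;;
        1) echo "kernel $rel: older than $FIXED, update and reboot" ;;
        *) echo "kernel $rel: version not recognised, check manually" ;;
    esac
    # Values are printed as found; interpret them against your own policy.
    p=$(cat /proc/sys/kernel/perf_event_paranoid 2>/dev/null || echo unknown)
    echo "kernel.perf_event_paranoid = $p"
    l=$(cat /sys/kernel/security/lockdown 2>/dev/null || echo unavailable)
    echo "lockdown = $l"
    return 0
}

report_host
```

Only the upstream x.y.z part of the release string is compared; the Mageia package release suffix is ignored.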

Severity: important

Publication date: 28 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0212.html
Type: security
CVE: CVE-2022-1729, CVE-2022-1789, CVE-2022-21499
