Mageia 2022-0213: kernel-linus security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
MGASA-2022-0213 - Updated kernel-linus packages fix security vulnerabilities

Publication date: 28 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0213.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-1729,
     CVE-2022-21499

This kernel-linus update is based on upstream 5.15.43 and fixes at least
the following security issues:

A race condition in the perf subsystem allows for a local privilege
escalation. NOTE: Mageia kernels by default has disabled the perf usage
for unprivileged users, effectively rendering this vulnerability harmless
(CVE-2022-1729).

Kernel could allow a remote attacker to bypass security restrictions,
caused by a lockdown break issue. By sending a specially-crafted request
using the kernel debugger, an attacker could exploit this vulnerability
to perform read and write access to kernel memory (CVE-2022-21499).

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30476
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.42
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.43
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499

SRPMS:
- 8/core/kernel-linus-5.15.43-1.mga8

Mageia 2022-0213: kernel-linus security update

This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalat...

Summary

This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues:
A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this vulnerability harmless (CVE-2022-1729).
Kernel could allow a remote attacker to bypass security restrictions, caused by a lockdown break issue. By sending a specially-crafted request using the kernel debugger, an attacker could exploit this vulnerability to perform read and write access to kernel memory (CVE-2022-21499).
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=30476

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.42

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.43

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499

Resolution

MGASA-2022-0213 - Updated kernel-linus packages fix security vulnerabilities

SRPMS

- 8/core/kernel-linus-5.15.43-1.mga8

Severity
Publication date: 28 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0213.html
Type: security
CVE: CVE-2022-1729, CVE-2022-21499

Related News

Kali Linux 2023.1 Introduces 'Purple' Distro for Defensive Security

Companies Can’t Stop Using Open Source

8 Reasons Why Kali Linux is the Ultimate Operating System for Hackers

Microsoft Opens Azure Confidential Containers to Public Preview

News

Advisories

HOWTOs

Features

ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems
ZeroLock: How to Defend Against Ransomware on Linux

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy