Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Mageia 8 MGASA-2022-0242 Critical Kernel Data Leak Issues

mageia
Calendar Grey June 29, 2022
Dist Mageia Esm H88
The kernel refresh MGASA-2022-0242 tackles several vulnerabilities, enhancing protection against potential data exposures from local entry.
This kernel update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may all...

Summary

This kernel update is based on upstream 5.15.50 and fixes at least the following security issues:
Incomplete cleanup of multi-core shared buffers for some Intel Processorsmay allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-21123).
Incomplete cleanup of microarchitectural fill buffers on some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-21125).
Incomplete cleanup in specific special register read operations for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-21127, CVE-2022-21166).
For other upstream fixes, see the referenced changelogs.

References

- https://bugs.mageia.org/show_bug.cgi?id=30563

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.47

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.48

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.49

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.50

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html

- https://www.cve.org/CVERecord?id=CVE-2022-21123

- https://www.cve.org/CVERecord?id=CVE-2022-21125

- https://www.cve.org/CVERecord?id=CVE-2022-21127

- https://www.cve.org/CVERecord?id=CVE-2022-21166

Topics%20covered

Topics Covered

security advisory critical kernel local access information disclosure Mageia microarchitectural

Resolution

SRPMS

- 8/core/kernel-5.15.50-1.mga8

- 8/core/kmod-virtualbox-6.1.34-1.20.mga8

- 8/core/kmod-xtables-addons-3.20-1.20.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 29 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0242.html
Type: security
CVE: CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166

Topics%20covered

Topics Covered

security advisory critical kernel local access information disclosure Mageia microarchitectural

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here