Mageia 8 MGASA-2022-0263 Moderate: Xen DoS And Buffer Overflow Threat

mageia
July 20, 2022
A vital kernel security patch rectifies severe vulnerabilities, notably Denial of Service and use-after-free problems for Slackware.

Summary

This kernel update is based on upstream 5.15.55 and fixes at least the following security issues:
- There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of Linux that allow attackers to crash the Linux kernel without any privileges (CVE-2022-2318).
- Xen Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740, XSA-403). Additionally, the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742, XSA-403).
- Xen network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed (CVE-2022-33743, XSA-405).
- Xen Arm guests can cause Dom0 DoS vi...
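
The page-granularity exposure described for XSA-403 above, modeled in user space as an added example (not code from Xen, the Linux kernel or the Mageia advisory). The function names, the 64-byte request at offset 512 and the 0xAA filler are constructed for illustration; the hardened path copies the payload into a dedicated, zeroed page (a bounce-buffer pattern).

```c
/* User-space model only: no hypervisor or grant-table calls are made. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GRANT_PAGE_SIZE 4096u /* smallest unit that can be shared */

/* Non-zero bytes outside [off, off+len): data the backend can read
 * although the frontend never meant to share it. */
size_t exposed_bytes(const uint8_t *page, size_t off, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < GRANT_PAGE_SIZE; i++)
        if ((i < off || i >= off + len) && page[i] != 0)
            n++;
    return n;
}

/* Unsafe pattern: share whichever page happens to contain the buffer. */
const uint8_t *share_in_place(const uint8_t *buf)
{
    return (const uint8_t *)((uintptr_t)buf & ~(uintptr_t)(GRANT_PAGE_SIZE - 1));
}

/* Hardened pattern: dedicated page, zeroed first, payload copied in. */
uint8_t *share_bounced(const uint8_t *buf, size_t off, size_t len)
{
    uint8_t *page = (off + len <= GRANT_PAGE_SIZE)
                        ? aligned_alloc(GRANT_PAGE_SIZE, GRANT_PAGE_SIZE) : NULL;
    if (!page) return NULL;
    memset(page, 0, GRANT_PAGE_SIZE);
    memcpy(page + off, buf, len);
    return page;
}

/* Constructed scenario: a 64-byte request at offset 512 of a page that
 * is otherwise full of unrelated data. Returns the exposed byte count. */
size_t demo(int bounce)
{
    uint8_t *heap = aligned_alloc(GRANT_PAGE_SIZE, GRANT_PAGE_SIZE);
    if (!heap) return (size_t)-1;
    memset(heap, 0xAA, GRANT_PAGE_SIZE); /* unrelated data in the same page */
    memset(heap + 512, 0x11, 64);        /* the data meant for the backend */
    uint8_t *pg = bounce ? share_bounced(heap + 512, 512, 64) : NULL;
    const uint8_t *seen = bounce ? pg : share_in_place(heap + 512);
    size_t n = seen ? exposed_bytes(seen, 512, 64) : (size_t)-1;
    free(pg); free(heap);
    return n;
}

int main(void) { printf("in place: %zu, bounced: %zu\n", demo(0), demo(1)); return 0; }
```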

References

- https://bugs.mageia.org/show_bug.cgi?id=30642

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.51

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.52

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.53

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.54

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.55

- https://xenbits.xen.org/xsa/advisory-403.html

- https://xenbits.xen.org/xsa/advisory-405.html

- https://xenbits.xen.org/xsa/advisory-406.html

- https://www.cve.org/CVERecord?id=CVE-2022-2318

- https://www.cve.org/CVERecord?id=CVE-2022-26365

- https://www.cve.org/CVERecord?id=CVE-2022-33740

- https://www.cve.org/CVERecord?id=CVE-2022-33741

- https://www.cve.org/CVERecord?id=CVE-2022-33742

- https://www.cve.org/CVERecord?id=CVE-2022-33743

- https://www.cve.org/CVERecord?id=CVE-2022-33744

- https://www.cve.org/CVERecord?id=CVE-2022-34918

Resolution

SRPMS

- 8/core/kernel-5.15.55-2.mga8

- 8/core/kmod-virtualbox-6.1.34-1.25.mga8

- 8/core/kmod-xtables-addons-3.20-1.25.mga8

Severity
important

Publication date: 20 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0263.html
Type: security
CVE: CVE-2022-2318, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33743, CVE-2022-33744, CVE-2022-34918
