Mageia 8: MGASA-2022-0264 Critical: Kernel-Linus Update Risks

July 20, 2022
The kernel update for Mageia rectifies multiple vulnerabilities, including a buffer overflow risk and potential denial of service scenarios.

Summary

This kernel-linus update is based on upstream 5.15.55 and fixes at least the following security issues:
There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of Linux that allow attackers to crash the Linux kernel without any privileges (CVE-2022-2318).
Xen Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740, XSA-403). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742, XSA-403).
Xen network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed (CVE-2022-33743, XSA-405).
Xen Arm guests can cause Dom0 ...
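
The two XSA-403 conditions described above (pages not zeroed before sharing, and 4K grant granularity exposing unrelated data in the same page) can be modelled in userspace. This is an added illustration, not code from the kernel, Xen or the advisory; `share_request`, `exposed_bytes`, the offsets and the sample data are hypothetical, and the zeroed dedicated page is shown as a general mitigation pattern rather than as the upstream patch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u              /* smallest unit a grant can cover */
#define REQ_OFF   512u               /* constructed request placement */
#define REQ_LEN   16u

static const char NEIGHBOUR[] = "constructed-unrelated-secret";

enum mode { RECYCLED_PAGE, SHARED_WITH_NEIGHBOUR, ZEROED_BOUNCE_PAGE };

/* Bytes outside the request that a backend reading the whole granted
 * page would find non-zero, i.e. data it was never meant to receive. */
static size_t exposed_bytes(const unsigned char *page)
{
    size_t n = 0;
    for (size_t i = 0; i < PAGE_SIZE; i++)
        if ((i < REQ_OFF || i >= REQ_OFF + REQ_LEN) && page[i] != 0)
            n++;
    return n;
}

/* Hypothetical frontend model: build the page to be granted, return leak size. */
size_t share_request(enum mode m)
{
    unsigned char page[PAGE_SIZE];

    switch (m) {
    case RECYCLED_PAGE:            /* page reused without zeroing */
        memset(page, 0xAA, PAGE_SIZE);   /* stands in for stale contents */
        break;
    case SHARED_WITH_NEIGHBOUR:    /* request lives beside unrelated data */
        memset(page, 0, PAGE_SIZE);
        memcpy(page, NEIGHBOUR, sizeof(NEIGHBOUR) - 1);
        break;
    case ZEROED_BOUNCE_PAGE:       /* dedicated page, cleared before use */
        memset(page, 0, PAGE_SIZE);
        break;
    }
    memset(page + REQ_OFF, 'R', REQ_LEN);   /* the data meant for the backend */
    return exposed_bytes(page);
}

int main(void)
{
    printf("recycled page:  %zu bytes exposed\n", share_request(RECYCLED_PAGE));
    printf("with neighbour: %zu bytes exposed\n", share_request(SHARED_WITH_NEIGHBOUR));
    printf("bounce page:    %zu bytes exposed\n", share_request(ZEROED_BOUNCE_PAGE));
    return 0;
}
```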


References

- https://bugs.mageia.org/show_bug.cgi?id=30643

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.51

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.52

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.53

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.54

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.55

- https://xenbits.xen.org/xsa/advisory-403.html

- https://xenbits.xen.org/xsa/advisory-405.html

- https://xenbits.xen.org/xsa/advisory-406.html

- https://www.cve.org/CVERecord?id=CVE-2022-2318

- https://www.cve.org/CVERecord?id=CVE-2022-26365

- https://www.cve.org/CVERecord?id=CVE-2022-33740

- https://www.cve.org/CVERecord?id=CVE-2022-33741

- https://www.cve.org/CVERecord?id=CVE-2022-33742

- https://www.cve.org/CVERecord?id=CVE-2022-33743

- https://www.cve.org/CVERecord?id=CVE-2022-33744

- https://www.cve.org/CVERecord?id=CVE-2022-34918

Resolution

SRPMS

- 8/core/kernel-linus-5.15.55-1.mga8

Severity
critical

Publication date: 20 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0264.html
Type: security
CVE: CVE-2022-2318, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33743, CVE-2022-33744, CVE-2022-34918
