
Mageia 8: MGASA-2022-0305 Key Kernel Update To Mitigate Escalation Threats

mageia
August 25, 2022
The 2022-0306 security bulletin from Fedora points out kernel patches designed to fix severe flaws such as denial of service risks.

Summary

This kernel update is based on upstream 5.15.62 and fixes at least the following security issues:
A use-after-free flaw was found in the Linux kernel Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-1679).
A use-after-free flaw was found in the Linux kernel’s POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-2585).
A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation (CVE-2022-2586).
A use-after-free...


References

- https://bugs.mageia.org/show_bug.cgi?id=30750

- https://bugs.mageia.org/show_bug.cgi?id=30725

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.59

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.60

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.62

- https://www.cve.org/CVERecord?id=CVE-2022-1679

- https://www.cve.org/CVERecord?id=CVE-2022-2585

- https://www.cve.org/CVERecord?id=CVE-2022-2586

- https://www.cve.org/CVERecord?id=CVE-2022-2588

- https://www.cve.org/CVERecord?id=CVE-2022-26373

Resolution

SRPMS

- 8/core/kernel-5.15.62-1.mga8

- 8/core/kmod-virtualbox-6.1.36-1.10.mga8

- 8/core/kmod-xtables-addons-3.21-1.2.mga8

- 8/core/xtables-addons-3.21-1.mga8
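
To confirm that a host is actually running the fixed kernel, not merely carrying the updated package, the release string can be compared numerically against the kernel build in the SRPMS list. This is an added example, not part of the advisory; the function names and the assumed `uname -r` layout (version, optional flavour, package release) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory: is a kernel release string at or
# above the fixed build in the SRPMS list (kernel-5.15.62-1.mga8)?
# Assumption: release strings look like 5.15.62-desktop-1.mga8, i.e.
# version, optional flavour, package release, as printed by `uname -r`.

FIXED="5 15 62 1"   # 5.15.62, package release 1

# parse_release STRING: print "major minor patch pkgrel"; fail if unparsable.
parse_release() {
    ver=${1%%-*}            # 5.15.62
    rest=${1#"$ver"}        # -desktop-1.mga8
    rel=${rest##*-}         # 1.mga8
    rel=${rel%%.*}          # 1
    old_ifs=$IFS; IFS=.
    set -- $ver             # split the version on dots
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    for f in "$@" "$rel"; do
        case $f in ''|*[!0-9]*) return 1 ;; esac
    done
    echo "$1 $2 $3 $rel"
}

# kernel_is_fixed STRING: 0 = at or above the fix, 1 = older, 2 = unparsable.
kernel_is_fixed() {
    have=$(parse_release "$1") || return 2
    set -- $have $FIXED     # $1..$4 = this kernel, $5..$8 = fixed build
    # Compare field by field as integers, so 5.15.9 sorts below 5.15.62.
    [ "$1" -ne "$5" ] && { [ "$1" -gt "$5" ]; return; }
    [ "$2" -ne "$6" ] && { [ "$2" -gt "$6" ]; return; }
    [ "$3" -ne "$7" ] && { [ "$3" -gt "$7" ]; return; }
    [ "$4" -ge "$8" ]
}

# Constructed sample strings; on a real host pass "$(uname -r)" instead.
for r in 5.15.62-desktop-1.mga8 5.15.9-server-3.mga8 custom-build; do
    rc=0; kernel_is_fixed "$r" || rc=$?
    case $rc in
        0) echo "$r: at or above the fixed build" ;;
        1) echo "$r: older than the fixed build, update and reboot" ;;
        *) echo "$r: unrecognised format, check manually" ;;
    esac
done
```

The check covers the running kernel only; a host that has installed the update but not rebooted still reports the old release string.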

Severity
critical

Publication date: 25 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0305.html
Type: security
CVE: CVE-2022-1679, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26373
