
Mageia 8 MGASA-2022-0379 Critical: Kernel Denial of Service Threat

October 23, 2022
Kernel patch MGASA-2022-0379 tackles urgent security vulnerabilities within Mageia. Check issued updates for important details.

Summary

This kernel update is based on upstream 5.15.74 and fixes at least the following security issues:
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV) (CVE-2022-0171).
A flaw was found in vDPA with the VDUSE backend. There are currently no checks in the VDUSE kernel driver to ensure that the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, the Virtio drivers' config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config(), so uninitialized memory from the stack is returned. This could cause undefined behavior or data leaks in Virtio drivers (CVE-2022-2308).
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the...
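The CVE-2022-2308 description above comes down to a config read that can return without defining the caller's buffer. The following is an added example, not code from the advisory or from the kernel: a user-space model in which `model_dev`, both `get_config_*` functions and the 0xAA sentinel (standing in for stale stack contents) are hypothetical names and values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not kernel code: the backend supplied fewer config
 * bytes than the driver will ask for based on the advertised features. */
struct model_dev { const uint8_t *config; size_t config_size; };
typedef void (*get_config_fn)(const struct model_dev *, size_t, uint8_t *, size_t);

/* Unchecked pattern: a request that does not fit is silently ignored,
 * so the caller keeps whatever its buffer already contained. */
static void get_config_unchecked(const struct model_dev *d, size_t off,
                                 uint8_t *buf, size_t len)
{
    if (off > d->config_size || len > d->config_size - off)
        return;
    memcpy(buf, d->config + off, len);
}

/* Hardened pattern: copy what exists, zero the remainder, so every byte
 * of the caller's buffer is defined on return. */
static void get_config_zero_fill(const struct model_dev *d, size_t off,
                                 uint8_t *buf, size_t len)
{
    size_t avail = off < d->config_size ? d->config_size - off : 0;
    size_t n = len < avail ? len : avail;

    if (n)
        memcpy(buf, d->config + off, n);
    memset(buf + n, 0, len - n);
}

/* Count bytes that still hold the sentinel after an 8-byte read from a
 * constructed 4-byte config space. */
static size_t stale_bytes(get_config_fn get, size_t off)
{
    static const uint8_t cfg[4] = { 0x01, 0x02, 0x03, 0x04 };
    struct model_dev d = { cfg, sizeof cfg };
    uint8_t buf[8];
    size_t i, stale = 0;

    memset(buf, 0xAA, sizeof buf);      /* simulated stale stack data */
    get(&d, off, buf, sizeof buf);
    for (i = 0; i < sizeof buf; i++)
        stale += (buf[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("stale bytes: unchecked=%zu zero-fill=%zu\n",
           stale_bytes(get_config_unchecked, 0), stale_bytes(get_config_zero_fill, 0));
    return 0;
}
```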


References

- https://bugs.mageia.org/show_bug.cgi?id=30969

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.66

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.67

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.69

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.70

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.71

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.72

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.73

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.74

- https://www.cve.org/CVERecord?id=CVE-2022-0171

- https://www.cve.org/CVERecord?id=CVE-2022-2308

- https://www.cve.org/CVERecord?id=CVE-2022-2663

- https://www.cve.org/CVERecord?id=CVE-2022-3061

- https://www.cve.org/CVERecord?id=CVE-2022-3303

- https://www.cve.org/CVERecord?id=CVE-2022-3586

- https://www.cve.org/CVERecord?id=CVE-2022-20421

- https://www.cve.org/CVERecord?id=CVE-2022-39842

- https://www.cve.org/CVERecord?id=CVE-2022-40307

- https://www.cve.org/CVERecord?id=CVE-2022-40768

- https://www.cve.org/CVERecord?id=CVE-2022-42719

- https://www.cve.org/CVERecord?id=CVE-2022-42720

- https://www.cve.org/CVERecord?id=CVE-2022-42721

- https://www.cve.org/CVERecord?id=CVE-2022-42722

- https://www.cve.org/CVERecord?id=CVE-2022-41674

Resolution

SRPMS

- 8/core/kernel-5.15.74-1.mga8

- 8/core/kmod-virtualbox-6.1.38-1.6.mga8

- 8/core/kmod-xtables-addons-3.21-1.6.mga8

Severity
critical

Publication date: 23 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0379.html
Type: security
CVE: CVE-2022-0171, CVE-2022-2308, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303, CVE-2022-3586, CVE-2022-20421, CVE-2022-39842, CVE-2022-40307, CVE-2022-40768, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-41674
