Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Mageia 8: MGASA-2022-0380 Moderate Kernel Update with Security Issues

mageia
Calendar Grey October 23, 2022
Dist Mageia Esm H88
Mageia 8 has released a Kernel Update that fixes several vulnerabilities such as potential denial of service and risks of memory corruption.
This kernel-linus update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel

Summary

This kernel-linus update is based on upstream 5.15.74 and fixes at least the following security issues:
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV) (CVE-2022-0171).
A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers (CVE-2022-2308).
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly match...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30970

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.63

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.64

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.65

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.66

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.67

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.69

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.70

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.71

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.72

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.73

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.74

- https://www.cve.org/CVERecord?id=CVE-2022-0171

- https://www.cve.org/CVERecord?id=CVE-2022-2308

- https://www.cve.org/CVERecord?id=CVE-2022-2663

- https://www.cve.org/CVERecord?id=CVE-2022-2905

- https://www.cve.org/CVERecord?id=CVE-2022-3028

- https://www.cve.org/CVERecord?id=CVE-2022-3061

- https://www.cve.org/CVERecord?id=CVE-2022-3176

- https://www.cve.org/CVERecord?id=CVE-2022-3303

- https://www.cve.org/CVERecord?id=CVE-2022-3586

- https://www.cve.org/CVERecord?id=CVE-2022-20421

- https://www.cve.org/CVERecord?id=CVE-2022-39190

- https://www.cve.org/CVERecord?id=CVE-2022-39842

- https://www.cve.org/CVERecord?id=CVE-2022-40307

- https://www.cve.org/CVERecord?id=CVE-2022-40768

- https://www.cve.org/CVERecord?id=CVE-2022-42719

- https://www.cve.org/CVERecord?id=CVE-2022-42720

- https://www.cve.org/CVERecord?id=CVE-2022-42721

- https://www.cve.org/CVERecord?id=CVE-2022-42722

- https://www.cve.org/CVERecord?id=CVE-2022-41674

- https://www.cve.org/CVERecord?id=CVE-2022-42703

Resolution

SRPMS

- 8/core/kernel-linus-5.15.74-1.mga8

Publication date: 23 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0380.html
Type: security
CVE: CVE-2022-0171, CVE-2022-2308, CVE-2022-2663, CVE-2022-2905, CVE-2022-3028, CVE-2022-3061, CVE-2022-3176, CVE-2022-3303, CVE-2022-3586, CVE-2022-20421, CVE-2022-39190, CVE-2022-39842, CVE-2022-40307, CVE-2022-40768, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-41674, CVE-2022-42703

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.