
Mageia 8: 2022-0442 Critical: Kernel Memory Leak and Escalation

November 27, 2022
The latest kernel update for Mageia addresses significant security flaws, including various memory leak and privilege escalation vulnerabilities.

Summary

This kernel update is based on upstream 5.15.79 and fixes at least the following security issues:
A flaw was found in the Linux kernel: a race between an io_uring request and the Unix socket garbage collector allows a local attacker to escalate privileges (CVE-2022-2602).
A memory leak was found in the function ipv6_renew_options of the Linux kernel's IPv6 handler. The issue is rated problematic, and the attack can be launched remotely (CVE-2022-3524).
A memory leak, classified as problematic, was found in the function mvpp2_dbgfs_port_init in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the mvpp2 component (CVE-2022-3535).
A vulnerability classified as problematic was found in the Linux kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/br...


References

- https://bugs.mageia.org/show_bug.cgi?id=31148

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.75

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.76

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.77

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.78

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.79

- https://www.cve.org/CVERecord?id=CVE-2022-2602

- https://www.cve.org/CVERecord?id=CVE-2022-3524

- https://www.cve.org/CVERecord?id=CVE-2022-3535

- https://www.cve.org/CVERecord?id=CVE-2022-3542

- https://www.cve.org/CVERecord?id=CVE-2022-3543

- https://www.cve.org/CVERecord?id=CVE-2022-3564

- https://www.cve.org/CVERecord?id=CVE-2022-3565

- https://www.cve.org/CVERecord?id=CVE-2022-3594

- https://www.cve.org/CVERecord?id=CVE-2022-3619

- https://www.cve.org/CVERecord?id=CVE-2022-3623

- https://www.cve.org/CVERecord?id=CVE-2022-3628

- https://www.cve.org/CVERecord?id=CVE-2022-41849

- https://www.cve.org/CVERecord?id=CVE-2022-41850

- https://www.cve.org/CVERecord?id=CVE-2022-42895

- https://www.cve.org/CVERecord?id=CVE-2022-42896

- https://www.cve.org/CVERecord?id=CVE-2022-43945

Resolution

SRPMS

- 8/core/kernel-5.15.79-1.mga8

- 8/core/kmod-virtualbox-7.0.2-1.2.mga8

- 8/core/kmod-xtables-addons-3.21-1.7.mga8

Severity
critical

Publication date: 27 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0442.html
Type: security
CVE: CVE-2022-2602, CVE-2022-3524, CVE-2022-3535, CVE-2022-3542, CVE-2022-3543, CVE-2022-3564, CVE-2022-3565, CVE-2022-3594, CVE-2022-3619, CVE-2022-3623, CVE-2022-3628, CVE-2022-41849, CVE-2022-41850, CVE-2022-42895, CVE-2022-42896, CVE-2022-43945
