
Mageia 8: MGASA-2023-0007 Moderate Kernel Security Update (DoS)

January 22, 2023
Kernel upgrade 2023-0008 addresses multiple security flaws in Mageia, boosting both user and system safety through essential updates.

Summary

This kernel update is based on upstream 5.15.88 and fixes at least the following security issues:
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-3424).
A vulnerability was found in the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. This flaw allows a manipulation that may lead to a use-after-free issue (CVE-2022-3534).
A vulnerability was found in area_cache_get in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c in the Netronome Flow Processor (NFP) driver in the Linux kernel. This flaw allows a manipulation that may lead to a use-after-free issue (CVE-2022-3545).
An out-of-bounds memory write vulnerability was found in the Linux kernel vmwgfx driver in vmw_kms_curso...


References

- https://bugs.mageia.org/show_bug.cgi?id=31405

- https://bugs.mageia.org/show_bug.cgi?id=31319

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.84

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.85

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.87

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.88

- https://www.cve.org/CVERecord?id=CVE-2022-3424

- https://www.cve.org/CVERecord?id=CVE-2022-3534

- https://www.cve.org/CVERecord?id=CVE-2022-3545

- https://www.cve.org/CVERecord?id=CVE-2022-36280

- https://www.cve.org/CVERecord?id=CVE-2022-41218

- https://www.cve.org/CVERecord?id=CVE-2022-45934

- https://www.cve.org/CVERecord?id=CVE-2022-47929

- https://www.cve.org/CVERecord?id=CVE-2023-0179

- https://www.cve.org/CVERecord?id=CVE-2023-0210

- https://www.cve.org/CVERecord?id=CVE-2023-0266

- https://www.cve.org/CVERecord?id=CVE-2023-23454

- https://www.cve.org/CVERecord?id=CVE-2023-23455

Resolution

SRPMS

- 8/core/kernel-5.15.88-1.mga8

- 8/core/kmod-virtualbox-7.0.4-1.4.mga8

- 8/core/kmod-xtables-addons-3.23-1.2.mga8

- 8/core/xtables-addons-3.23-1.mga8

Publication date: 22 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0007.html
Type: security
CVE: CVE-2022-3424, CVE-2022-3534, CVE-2022-3545, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0210, CVE-2023-0266, CVE-2023-23454, CVE-2023-23455
