
Mageia 8: 2023-0008 Critical: Kernel-Linus Exploit Fixes

mageia
January 22, 2023

Summary

This kernel-linus update is based on upstream 5.15.88 and fixes at least the following security issues:
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-3424).
A vulnerability was found in the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. This flaw allows a manipulation that may lead to a use-after-free issue (CVE-2022-3534).
A vulnerability was found in area_cache_get in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c in the Netronome Flow Processor (NFP) driver in the Linux kernel. This flaw allows a manipulation that may lead to a use-after-free issue (CVE-2022-3545).
Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trig...


References

- https://bugs.mageia.org/show_bug.cgi?id=31406

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.84

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.85

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.87

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.88

- https://xenbits.xenproject.org/xsa/advisory-423.txt

- https://www.cve.org/CVERecord?id=CVE-2022-3424

- https://www.cve.org/CVERecord?id=CVE-2022-3534

- https://www.cve.org/CVERecord?id=CVE-2022-3545

- https://www.cve.org/CVERecord?id=CVE-2022-3643

- https://www.cve.org/CVERecord?id=CVE-2022-36280

- https://www.cve.org/CVERecord?id=CVE-2022-41218

- https://www.cve.org/CVERecord?id=CVE-2022-45934

- https://www.cve.org/CVERecord?id=CVE-2022-47929

- https://www.cve.org/CVERecord?id=CVE-2023-0210

- https://www.cve.org/CVERecord?id=CVE-2023-0266

- https://www.cve.org/CVERecord?id=CVE-2023-23454

- https://www.cve.org/CVERecord?id=CVE-2023-23455

Resolution

SRPMS

- 8/core/kernel-linus-5.15.88-1.mga8

Severity
critical

Publication date: 22 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0008.html
Type: security
CVE: CVE-2022-3424, CVE-2022-3534, CVE-2022-3545, CVE-2022-3643, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0210, CVE-2023-0266, CVE-2023-23454, CVE-2023-23455
