
Mageia 8 - 2023-0088 Critical: Kernel-Linus Fixes Spectre Attacks

mageia
March 11, 2023
The latest kernel update for Mageia tackles several vulnerabilities, including risks associated with Spectre and various memory-related bugs. It is recommended to upgrade immediately.

Summary

This kernel-linus update is based on upstream 5.15.98 and fixes at least the following security issues:
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine (CVE-2022-2196).
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system (CVE-2022-3707).
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causin...


References

- https://bugs.mageia.org/show_bug.cgi?id=31632

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.89

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.90

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.91

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.92

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.93

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.94

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.95

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.96

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.97

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.98

- https://www.cve.org/CVERecord?id=CVE-2022-2196

- https://www.cve.org/CVERecord?id=CVE-2022-3707

- https://www.cve.org/CVERecord?id=CVE-2022-4129

- https://www.cve.org/CVERecord?id=CVE-2022-4382

- https://www.cve.org/CVERecord?id=CVE-2022-4842

- https://www.cve.org/CVERecord?id=CVE-2022-27672

- https://www.cve.org/CVERecord?id=CVE-2023-0179

- https://www.cve.org/CVERecord?id=CVE-2023-0394

- https://www.cve.org/CVERecord?id=CVE-2023-1073

- https://www.cve.org/CVERecord?id=CVE-2023-1074

- https://www.cve.org/CVERecord?id=CVE-2023-1078

- https://www.cve.org/CVERecord?id=CVE-2023-23559

- https://www.cve.org/CVERecord?id=CVE-2023-26545

Resolution

SRPMS

- 8/core/kernel-linus-5.15.98-1.mga8
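
A check of the running kernel against the fixed upstream version in the resolution above, as an added example that is not part of the Mageia advisory. It assumes the release string from `uname -r` starts with the upstream version followed by `-` and a packaging suffix; the function names are hypothetical and the sample release strings in the comments are constructed. Only 5.15.x kernels are judged, since other series carry these fixes at different versions.

```shell
#!/bin/sh
# Added example: is the running 5.15.x kernel at or above the fixed
# upstream version named in the advisory?
FIXED_UPSTREAM="5.15.98"

# upstream_of RELEASE: drop the packaging suffix after the first "-",
# e.g. constructed sample "5.15.98-1.mga8" becomes "5.15.98".
upstream_of() {
    printf '%s\n' "${1%%-*}"
}

# version_ge A B: succeed when dotted version A >= B, field by field.
version_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}   # keep leading digits only
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
    done
    return 0
}

# kernel_is_fixed RELEASE: 0 = fixed, 1 = older 5.15.x, 2 = other series.
kernel_is_fixed() {
    up=$(upstream_of "$1")
    case $up in
        5.15.*) version_ge "$up" "$FIXED_UPSTREAM" ;;
        *) return 2 ;;
    esac
}

# report_host: print the verdict for the running kernel and the Spectre v2
# mitigation state the kernel itself reports through sysfs.
report_host() {
    rel=$(uname -r); rc=0
    kernel_is_fixed "$rel" || rc=$?
    case $rc in
        0) echo "running kernel $rel: at or above $FIXED_UPSTREAM" ;;
        1) echo "running kernel $rel: older than $FIXED_UPSTREAM, update and reboot" ;;
        *) echo "running kernel $rel: not 5.15.x, this version check does not apply" ;;
    esac
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r "$f" ]; then echo "spectre_v2: $(cat "$f")"; fi
    return 0
}

report_host
```

An updated package only takes effect after a reboot, which is why the check reads the running kernel rather than the package database.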

Severity
critical

Publication date: 11 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0088.html
Type: security
CVE: CVE-2022-2196, CVE-2022-3707, CVE-2022-4129, CVE-2022-4382, CVE-2022-4842, CVE-2022-27672, CVE-2023-0179, CVE-2023-0394, CVE-2023-1073, CVE-2023-1074, CVE-2023-1078, CVE-2023-23559, CVE-2023-26545
