
Mageia 8: MGASA-2023-0148 Critical DoS and Memory Corruption Issues

April 17, 2023
Mageia's recent kernel upgrade rectifies numerous significant vulnerabilities, enhancing both the security and reliability of the system against potential threats.

Summary

This kernel update is based on upstream 5.15.106 and fixes at least the following security issues:
A flaw was found in the Linux kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While this is often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., for a non-root user that only has that capability. This would cause tun/tap sockets to be treated incorrectly in filtering/routing decisions, possibly bypassing network filters (CVE-2023-1076).
In the Linux kernel, pick_next_rt_entity() may return a type-confused entry that is not detected by the BUG_ON condition, because the confused entry will not be NULL but the list_head. The buggy error condition would lead to a type-confused entry with the list head, which would then be used as a type-confused sched_rt_entity, causing memory corruption (CVE-2023-1077).
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set...


References

- https://bugs.mageia.org/show_bug.cgi?id=31777

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.99

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.100

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.101

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.102

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.103

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.104

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.105

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.106

- https://www.cve.org/CVERecord?id=CVE-2023-1076

- https://www.cve.org/CVERecord?id=CVE-2023-1077

- https://www.cve.org/CVERecord?id=CVE-2023-1079

- https://www.cve.org/CVERecord?id=CVE-2023-1118

- https://www.cve.org/CVERecord?id=CVE-2023-1611

- https://www.cve.org/CVERecord?id=CVE-2023-1670

- https://www.cve.org/CVERecord?id=CVE-2023-1829

- https://www.cve.org/CVERecord?id=CVE-2023-1855

- https://www.cve.org/CVERecord?id=CVE-2023-1989

- https://www.cve.org/CVERecord?id=CVE-2023-1990

- https://www.cve.org/CVERecord?id=CVE-2022-4269

- https://www.cve.org/CVERecord?id=CVE-2022-4379

- https://www.cve.org/CVERecord?id=CVE-2023-25012

- https://www.cve.org/CVERecord?id=CVE-2023-28466

- https://www.cve.org/CVERecord?id=CVE-2023-30456

- https://www.cve.org/CVERecord?id=CVE-2023-30772

Resolution

SRPMS

- 8/core/kernel-5.15.106-2.mga8

- 8/core/kmod-virtualbox-7.0.6-1.8.mga8

- 8/core/kmod-xtables-addons-3.23-1.10.mga8

Severity
critical

Publication date: 17 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0148.html
Type: security
CVE: CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2022-4269, CVE-2022-4379, CVE-2023-25012, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772
