Mageia 8: MGASA-2023-0149 Moderate: Kernel-Linus Use After Free
mageia
April 17, 2023
This kernel-linus update is based on upstream 5.15.106 and fixes atleast the following security issues: A flaw was found in the Linux Kernel
Summary
This kernel-linus update is based on upstream 5.15.106 and fixes atleast the
following security issues:
A flaw was found in the Linux Kernel. The tun/tap sockets have their socket
UID hardcoded to 0 due to a type confusion in their initialization function.
While it will be often correct, as tuntap devices require CAP_NET_ADMIN,
it may not always be the case, e.g., a non-root user only having that
capability. This would make tun/tap sockets being incorrectly treated in
filtering/routing decisions, possibly bypassing network filters(CVE-2023-1076).
In the Linux kernel, pick_next_rt_entity() may return a type confused entry,
not detected by the BUG_ON condition, as the confused entry will not be
NULL, but list_head.The buggy error condition would lead to a type confused
entry with the list head,which would then be used as a type confused
sched_rt_entity,causing memory corruption (CVE-2023-1077).
A flaw was found in the Linux kernel. A use-after-free may be triggered in
asus_kbd_backlig...
References
- https://bugs.mageia.org/show_bug.cgi?id=31778
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.99
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.100
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.101
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.102
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.103
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.104
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.105
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.106
- https://www.cve.org/CVERecord?id=CVE-2023-1076
- https://www.cve.org/CVERecord?id=CVE-2023-1077
- https://www.cve.org/CVERecord?id=CVE-2023-1079
- https://www.cve.org/CVERecord?id=CVE-2023-1118
- https://www.cve.org/CVERecord?id=CVE-2023-1611
- https://www.cve.org/CVERecord?id=CVE-2023-1670
- https://www.cve.org/CVERecord?id=CVE-2023-1829
- https://www.cve.org/CVERecord?id=CVE-2023-1855
- https://www.cve.org/CVERecord?id=CVE-2023-1989
- https://www.cve.org/CVERecord?id=CVE-2023-1990
- https://www.cve.org/CVERecord?id=CVE-2022-4269
- https://www.cve.org/CVERecord?id=CVE-2022-4379
- https://www.cve.org/CVERecord?id=CVE-2023-25012
- https://www.cve.org/CVERecord?id=CVE-2023-28466
- https://www.cve.org/CVERecord?id=CVE-2023-30456
- https://www.cve.org/CVERecord?id=CVE-2023-30772
Resolution
SRPMS
- 8/core/kernel-linus-5.15.106-1.mga8
PREVIOUS
NEXT
Publication date: 17 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0149.html
Type: security
CVE: CVE-2023-1076,
CVE-2023-1077,
CVE-2023-1079,
CVE-2023-1118,
CVE-2023-1611,
CVE-2023-1670,
CVE-2023-1829,
CVE-2023-1855,
CVE-2023-1989,
CVE-2023-1990,
CVE-2022-4269,
CVE-2022-4379,
CVE-2023-25012,
CVE-2023-28466,
CVE-2023-30456,
CVE-2023-30772
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!