Mageia 8: MGASA-2023-0201 Moderate: Kernel Issues and DoS

mageia
June 19, 2023
Mageia kernel patch (MGASA-2023-0202) fixes severe issues like denial of service and improper memory handling vulnerabilities.

Summary

This kernel update is based on upstream 5.15.117 and fixes at least the following security issues:
In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs (CVE-2022-48425).
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system (CVE-2023-2156).
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component (CVE-2023-2269).
An issue was discovered in drive...

References

- https://bugs.mageia.org/show_bug.cgi?id=32001

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.111

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.112

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.113

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.114

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.115

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.116

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.117

- https://www.cve.org/CVERecord?id=CVE-2022-48425

- https://www.cve.org/CVERecord?id=CVE-2023-2156

- https://www.cve.org/CVERecord?id=CVE-2023-2269

- https://www.cve.org/CVERecord?id=CVE-2023-31084

- https://www.cve.org/CVERecord?id=CVE-2023-32233

- https://www.cve.org/CVERecord?id=CVE-2023-34256

Resolution

SRPMS

- 8/core/kernel-5.15.117-2.mga8

- 8/core/kmod-virtualbox-7.0.8-1.8.mga8

- 8/core/kmod-xtables-addons-3.23-1.18.mga8

Severity
important

Publication date: 19 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0201.html
Type: security
CVE: CVE-2022-48425, CVE-2023-2156, CVE-2023-2269, CVE-2023-31084, CVE-2023-32233, CVE-2023-34256
