MGASA-2023-0201 - Updated kernel packages fix security vulnerabilities

Publication date: 19 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0201.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-48425,
     CVE-2023-2156,
     CVE-2023-2269,
     CVE-2023-31084,
     CVE-2023-32233,
     CVE-2023-34256

This kernel update is based on upstream 5.15.117 and fixes at least
the following security issues:

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree
because it does not validate MFT flags before replaying logs
(CVE-2022-48425).

A flaw was found in the networking subsystem of the Linux kernel within
the handling of the RPL protocol. This issue results from the lack of
proper handling of user-supplied data, which can lead to an assertion
failure. This may allow an unauthenticated remote attacker to create a
denial of service condition on the system (CVE-2023-2156).

A denial of service problem was found, due to a possible recursive locking
scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c
in the Linux Kernel Device Mapper-Multipathing sub-component
(CVE-2023-2269).

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the
Linux kernel 6.2. There is a blocking operation when a task is in
!TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is
called; the condition is dvb_frontend_test_event(fepriv,events).
In dvb_frontend_test_event, down(&fepriv->sem) is called. However,
wait_event_interruptible would put the process to sleep, and
down(&fepriv->sem) may block the process (CVE-2023-31084).

In the Linux kernel through 6.3.1, a use-after-free in Netfilter
nf_tables when processing batch requests can be abused to perform arbitrary
read and write operations on kernel memory. Unprivileged local users can
obtain root privileges. This occurs because anonymous sets are mishandled
(CVE-2023-32233).

An issue was discovered in the Linux kernel before 6.3.3. There is an
out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c
because ext4_group_desc_csum does not properly check an offset 
(CVE-2023-34256).

For other upstream fixes in this update, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32001
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.111
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.112
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.113
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.114
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.115
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.116
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.117
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48425
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2269
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31084
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34256

SRPMS:
- 8/core/kernel-5.15.117-2.mga8
- 8/core/kmod-virtualbox-7.0.8-1.8.mga8
- 8/core/kmod-xtables-addons-3.23-1.18.mga8
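
Installing the update does not change the kernel that is already running; the fixed kernel only takes effect after a reboot. The following added example, which is not part of the Mageia advisory, classifies a `uname -r` style release string against the 5.15.117 upstream base named above. The function name `kernel_status` is hypothetical, and only the upstream version is compared, not the package release (`-2.mga8`).

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel release string
# against the 5.15.117 upstream base that MGASA-2023-0201 ships.
FIXED_SERIES="5.15"     # stable series of the Mageia 8 kernel in this advisory
FIXED_SUBLEVEL=117      # sublevel of the fixed upstream release

# kernel_status RELEASE -> prints fixed | needs-update | out-of-scope | unknown
kernel_status() {
    # Pull "major minor sublevel" off the front of the release string.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    set -- $ver
    if [ "$1.$2" != "$FIXED_SERIES" ]; then
        # Other branches (e.g. 6.x) are fixed at different versions; a bare
        # "greater than 5.15.117" comparison would wrongly pass them.
        echo out-of-scope
    elif [ "$3" -ge "$FIXED_SUBLEVEL" ]; then
        echo fixed
    else
        echo needs-update
    fi
}

# Check the kernel that is actually running on this host.
running=$(uname -r)
echo "running kernel $running: $(kernel_status "$running")"
```

A result of `needs-update` on a host where the update is already installed usually means the machine has not been rebooted into the new kernel yet.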
