
Mageia 8: MGASA-2023-0202 Critical: Kernel-Linus Denial of Service

June 19, 2023
The latest kernel update for Mageia resolves numerous vulnerabilities, improving both system robustness and security features.

Summary

This kernel-linus update is based on upstream 5.15.117 and fixes at least the following security issues:
In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs (CVE-2022-48425).
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system (CVE-2023-2156).
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component (CVE-2023-2269).
An issue was discovered in...

References

- https://bugs.mageia.org/show_bug.cgi?id=32002

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.111

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.112

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.113

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.114

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.115

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.116

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.117

- https://www.cve.org/CVERecord?id=CVE-2022-48425

- https://www.cve.org/CVERecord?id=CVE-2023-2156

- https://www.cve.org/CVERecord?id=CVE-2023-2269

- https://www.cve.org/CVERecord?id=CVE-2023-31084

- https://www.cve.org/CVERecord?id=CVE-2023-32233

- https://www.cve.org/CVERecord?id=CVE-2023-34256

Resolution

SRPMS

- 8/core/kernel-linus-5.15.117-1.mga8

Severity
critical

Publication date: 19 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0202.html
Type: security
CVE: CVE-2022-48425, CVE-2023-2156, CVE-2023-2269, CVE-2023-31084, CVE-2023-32233, CVE-2023-34256
