Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Mageia 8 MGASA-2023-0237 Moderate: Kernel Privilege Escalation Threat

mageia
Calendar Grey July 19, 2023
Dist Mageia Esm H88
Patch release MGASA-2023-0238 addresses various vulnerabilities in the kernel of Mandriva, enhancing overall system security and performance.
This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol wa...

Summary

This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues:
A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support (CVE-2023-3338).
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue (CVE-2023-3390).
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nft_chain_lookup_byid() failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace (CVE-2023-31248).
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm regis...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=32093

- https://bugs.mageia.org/show_bug.cgi?id=31982

- https://www.cve.org/CVERecord?id=CVE-2023-3338

- https://www.cve.org/CVERecord?id=CVE-2023-3390

- https://www.cve.org/CVERecord?id=CVE-2023-31248

- https://www.cve.org/CVERecord?id=CVE-2023-35001

Topics%20covered

Topics Covered

security advisory privilege escalation kernel system stability remote access issue networking flaw mageia

Resolution

SRPMS

- 8/core/kernel-5.15.120-2.mga8

- 8/core/kmod-virtualbox-7.0.8-1.12.mga8

- 8/core/kmod-xtables-addons-3.23-1.22.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 19 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0237.html
Type: security
CVE: CVE-2023-3338, CVE-2023-3390, CVE-2023-31248, CVE-2023-35001

Topics%20covered

Topics Covered

security advisory privilege escalation kernel system stability remote access issue networking flaw mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here