Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Mageia 8: MGASA-2023-0251 Critical: Kernel-Linus Security Flaws Mitigation

mageia
Calendar Grey August 23, 2023
Dist Mageia Esm H88
Mageia 2023-0252 kernel-linus upgrade resolves major vulnerabilities, improving overall system security.
This kerne-linusl update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural sta...

Summary

This kerne-linusl update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues:
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-40982, INTEL-SA-00828).
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (CVE-2023-1206).
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privile...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=32169

- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html

- https://xenbits.xen.org/xsa/advisory-432.html

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.123

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.124

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.125

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.126

- https://www.cve.org/CVERecord?id=CVE-2022-40982

- https://www.cve.org/CVERecord?id=CVE-2023-1206

- https://www.cve.org/CVERecord?id=CVE-2023-4004

- https://www.cve.org/CVERecord?id=CVE-2023-4147

- https://www.cve.org/CVERecord?id=CVE-2023-20569

- https://www.cve.org/CVERecord?id=CVE-2023-34319

Topics%20covered

Topics Covered

security advisory DoS kernel critical severity information exposure system protection Mageia

Resolution

SRPMS

- 8/core/kernel-linus-5.15.126-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 23 Aug 2023
URL: https://advisories.mageia.org/MGASA-2023-0251.html
Type: security
CVE: CVE-2022-40982, CVE-2023-1206, CVE-2023-4004, CVE-2023-4147, CVE-2023-20569, CVE-2023-34319

Topics%20covered

Topics Covered

security advisory DoS kernel critical severity information exposure system protection Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here