
Mageia 9: MGASA-2023-0295 Moderate: Kernel Security Flaws Update

October 22, 2023
Kernel package enhancement MDASA-2023-0298 resolves various security flaws for Mageia platforms. Maintain safety.

Summary

This kernel update is based on upstream 6.4.16 and fixes or adds mitigations for at least the following security issues:
A flaw was found in the Linux kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While this will often be correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., for a non-root user holding only that capability. This would cause tun/tap sockets to be treated incorrectly in filtering/routing decisions, possibly bypassing network filters (CVE-2023-1076).
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations ...


References

- https://bugs.mageia.org/show_bug.cgi?id=32296

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.11

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.13

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.14

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.15

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.16

- https://www.cve.org/CVERecord?id=CVE-2023-1076

- https://www.cve.org/CVERecord?id=CVE-2023-4155

- https://www.cve.org/CVERecord?id=CVE-2023-4921

- https://www.cve.org/CVERecord?id=CVE-2023-5197

- https://www.cve.org/CVERecord?id=CVE-2023-25775

- https://www.cve.org/CVERecord?id=CVE-2023-42754

- https://www.cve.org/CVERecord?id=CVE-2023-42756

Resolution

SRPMS

- 9/core/kernel-6.4.16-3.mga9

- 9/core/kmod-virtualbox-7.0.10-33.mga9

- 9/core/kmod-xtables-addons-3.24-48.mga9
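
To check a host against the fixed builds listed under SRPMS, the added example below (not part of the Mageia advisory) compares the newest installed build of each source package with the fixed version-release. It assumes input lines produced by `rpm -qa --qf '%{SOURCERPM}\n'`; the function names, the simplified rpm-style comparison (no epoch, `~` or `^` handling) and the sample list are constructed for illustration.

```python
import re
# Fixed source packages (name -> (version, release)), copied from the SRPMS list.
FIXED = {
    "kernel": ("6.4.16", "3.mga9"),
    "kmod-virtualbox": ("7.0.10", "33.mga9"),
    "kmod-xtables-addons": ("3.24", "48.mga9"),
}

def rpmvercmp(a, b):
    """Segment-wise compare in the style of rpm's rpmvercmp (no '~' or '^' handling)."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def vr_cmp(x, y):  # compare (version, release): version first, release as tie-breaker
    return rpmvercmp(x[0], y[0]) or rpmvercmp(x[1], y[1])

def parse_sourcerpm(line):
    """'kernel-6.4.16-3.mga9.src.rpm' -> ('kernel', ('6.4.16', '3.mga9'))."""
    stem = re.sub(r"\.(no)?src\.rpm$", "", line.strip())
    name, version, release = stem.rsplit("-", 2)
    return name, (version, release)

def below_fixed(sourcerpm_lines):
    """Return advisory packages whose newest installed build predates the fix."""
    newest = {}
    for line in sourcerpm_lines:
        if line.count("-") < 2:  # e.g. "(none)" for gpg-pubkey entries
            continue
        name, vr = parse_sourcerpm(line)
        if name in FIXED and (name not in newest or vr_cmp(vr, newest[name]) > 0):
            newest[name] = vr
    return {n: vr for n, vr in newest.items() if vr_cmp(vr, FIXED[n]) < 0}

# Constructed sample of `rpm -qa --qf '%{SOURCERPM}\n'` output, not from a real host.
SAMPLE = [
    "kernel-6.4.9-4.mga9.src.rpm", "kernel-6.4.16-3.mga9.src.rpm",
    "kmod-virtualbox-7.0.10-30.mga9.src.rpm",
    "kmod-xtables-addons-3.24-48.mga9.src.rpm", "bash-5.2.15-3.mga9.src.rpm", "(none)",
]

if __name__ == "__main__":
    print(below_fixed(SAMPLE))
```

A fixed kernel package on disk does not mean it is the one running; after rebooting, compare `uname -r` with the fixed version.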

Publication date: 22 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0295.html
Type: security
CVE: CVE-2023-1076, CVE-2023-4155, CVE-2023-4921, CVE-2023-5197, CVE-2023-25775, CVE-2023-42754, CVE-2023-42756
