
Mageia 9: MGASA-2023-0456 urgent: several kernel vulnerabilities addressed

mageia
November 28, 2023
The most recent Fedora kernel update resolves several vulnerabilities, improving overall system security. Launched on 29 Nov 2023

Summary

This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues:
A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation if the attacker already has local privileges. (CVE-2023-5178)
x86: KVM: SVM: always update the x2avic msr interception: The following problem exists since x2avic was enabled in the KVM: svm_set_x2apic_msr_interception is called to enable the interception of the x2apic msrs. In particular it is called at the moment the guest resets its apic. Assuming that the guest's apic is in x2apic mode, the reset will bring it back to the xapic mode. The svm_set_x2apic_msr_interception however has an erroneous check for '!apic_x2apic_mode(...


References

- https://bugs.mageia.org/show_bug.cgi?id=32537

- https://bugs.mageia.org/show_bug.cgi?id=32082

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.1

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.2

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.5

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.6

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.7

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.8

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.10

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11

- https://www.cve.org/CVERecord?id=CVE-2020-26555

- https://www.cve.org/CVERecord?id=CVE-2023-3772

- https://www.cve.org/CVERecord?id=CVE-2023-3773

- https://www.cve.org/CVERecord?id=CVE-2023-4155

- https://www.cve.org/CVERecord?id=CVE-2023-5090

- https://www.cve.org/CVERecord?id=CVE-2023-5178

- https://www.cve.org/CVERecord?id=CVE-2023-5345

- https://www.cve.org/CVERecord?id=CVE-2023-5633

- https://www.cve.org/CVERecord?id=CVE-2023-5717

- https://www.cve.org/CVERecord?id=CVE-2023-6176

- https://www.cve.org/CVERecord?id=CVE-2023-25775

- https://www.cve.org/CVERecord?id=CVE-2023-34319

- https://www.cve.org/CVERecord?id=CVE-2023-34324

- https://www.cve.org/CVERecord?id=CVE-2023-39189

- https://www.cve.org/CVERecord?id=CVE-2023-46813

Resolution

SRPMS

- 9/core/kernel-6.5.11-5.mga9

- 9/core/kmod-virtualbox-7.0.10-37.mga9

- 9/core/kmod-xtables-addons-3.24-50.mga9

Severity: important

Publication date: 28 Nov 2023
URL: https://advisories.mageia.org/MGASA-2023-0328.html
Type: security
CVE: CVE-2020-26555, CVE-2023-3772, CVE-2023-3773, CVE-2023-4155, CVE-2023-5090, CVE-2023-5178, CVE-2023-5345, CVE-2023-5633, CVE-2023-5717, CVE-2023-6176, CVE-2023-25775, CVE-2023-34319, CVE-2023-34324, CVE-2023-39189, CVE-2023-46813
