{ "schema_version": "1.7.0", "id": "MGASA-2022-0022", "published": "2022-01-18T15:43:35Z", "modified": "2022-02-17T18:21:47Z", "summary": "Updated kernel-linus packages fix security vulnerabilities", "details": "This kernel-linus update is based on upstream 5.15.15 and fixes at least\nthe following security issues:\n\nA data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS\nfilesystem allowed for size increase of files with unaligned size. A\nlocal attacker could use this flaw to leak data on the XFS filesystem\notherwise not accessible to them (CVE-2021-4155).\n\nAn unprivileged write to the file handler flaw in the Linux kernel's\ncontrol groups and namespaces subsystem was found in the way users have\naccess to some less privileged process that are controlled by cgroups and\nhave higher privileged parent process. It is actually both for cgroup2\nand cgroup1 versions of control groups. A local user could use this flaw\nto crash the system or escalate their privileges on the system\n(CVE-2021-4197).\n\nA use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in\nthe Linux kernel through 5.15.11. This occurs because of a race condition\nin tee_shm_get_from_id during an attempt to free a shared memory object\n(CVE-2021-44733).\n\npep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8\nhas a refcount leak (CVE-2021-45095).\n\nThe ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8,\nsometimes communicates in cleartext even though encryption has been enabled.\nThis occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using\nthe SMB 3.1.1 protocol, which is a violation of the SMB protocol\nspecification. When Windows 10 detects this protocol violation, it disables\nencryption (CVE-2021-45100).\n\nkernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local\nusers to gain privileges because of the availability of pointer arithmetic\nvia certain *_OR_NULL pointer types (CVE-2022-23222).\n\nIn addition to the upstream changes, we also have changed the following:\n- enable NF_TABLES_INET, NFT_REJECT_INET and NFT_FIB_INET (mga#29852)\n- disable CIFS_SMB_DIRECT on desktop kernels as it makes loading cifs\n deps fail on some setups (mga#29784)\n- disable unprivileged bpf by default to mitigate other potential security\n issues with bpf\n\nFor other upstream fixes, see the referenced changelogs.\n", "upstream": [ "CVE-2021-4155", "CVE-2021-4197", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45100", "CVE-2022-23222" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2022-0022.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=29880" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=29852" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=29784" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.12" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.14" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.15" } ], "affected": [ { "package": { "ecosystem": "Mageia:8", "name": "kernel-linus", "purl": "pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.15.15-1.mga8" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }