{ "schema_version": "1.7.0", "id": "MGASA-2022-0194", "published": "2022-05-21T08:50:18Z", "modified": "2022-05-21T07:59:36Z", "summary": "Updated kernel packages fix security vulnerabilities", "details": "This kernel update is based on upstream 5.15.41 and fixes at least the\nfollowing security issues:\n\nA flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading\nto a possible out-of-bounds memory write in the Linux kernel BPF subsystem\ndue to the way a user loads BTF. This flaw allows a local user to crash or\nescalate their privileges on the system. NOTE: Mageia kernels by default\nprevents unprivileged users from being able to use eBPF so this would\nrequire a privileged user with CAP_SYS_ADMIN or root to be able to abuse\nthis flaw reducing its attack space (CVE-2022-0500).\n\nDue to the small table perturb size, a memory leak flaw was found in the\nLinux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c\nfunction. This flaw allows an attacker to leak information and may cause\na denial of service (CVE-2022-1012).\n\nA flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev()\nfunction. A race condition leads to a use-after-free issue when simulating\nthe NFC device from the user space (CVE-2022-1734).\n\nA flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the\nkernel/bpf/verifier.c function. In this flaw, a missing sanity check for\n*_OR_NULL pointer types that perform pointer arithmetic may cause a kernel\ninformation leak issue. NOTE: Mageia kernels by default prevents\nunprivileged users from being able to use eBPF so this would require a\nprivileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw\nreducing its attack space (CVE-2022-23222).\n\nThe SUNRPC subsystem in the Linux kernel through 5.17.2 can call\nxs_xprt_free before ensuring that sockets are in the intended state\n(CVE-2022-28893).\n\nImproper Update of Reference Count vulnerability in net/sched of Linux\nKernel allows local attacker to cause privilege escalation to root\n(CVE-2022-29581).\n\nOther fixes in this update:\n- nfsd: Fix a write performance regression\n- x86/mm: Include spinlock_t definition in pgtable.h\n\nFor other upstream fixes, see the referenced changelogs.\n", "upstream": [ "CVE-2022-0500", "CVE-2022-1012", "CVE-2022-1734", "CVE-2022-23222", "CVE-2022-28893", "CVE-2022-29581" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2022-0194.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=30435" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40" }, { "type": "WEB", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41" } ], "affected": [ { "package": { "ecosystem": "Mageia:8", "name": "kernel", "purl": "pkg:rpm/mageia/kernel?arch=source&distro=mageia-8" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.15.41-1.mga8" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:8", "name": "kmod-virtualbox", "purl": "pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.1.34-1.7.mga8" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:8", "name": "kmod-xtables-addons", "purl": "pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-8" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.20-1.3.mga8" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }