Updated kernel-linus packages fix security vulnerabilities
Publication date: 27 Nov 2022Modification date: 27 Nov 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-2602 , CVE-2022-3524 , CVE-2022-3535 , CVE-2022-3542 , CVE-2022-3543 , CVE-2022-3564 , CVE-2022-3565 , CVE-2022-3594 , CVE-2022-3619 , CVE-2022-3623 , CVE-2022-3628 , CVE-2022-41849 , CVE-2022-41850 , CVE-2022-42895 , CVE-2022-42896 , CVE-2022-43945
Description
This kernel-linus update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation (CVE-2022-2602). A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely (CVE-2022-3524). A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak (CVE-2022-3535). A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak (CVE-2022-3542). A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/ unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak (CVE-2022-3543). A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free (CVE-2022-3564). A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free (CVE-2022-3565). A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely (CVE-2022-3594). A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak (CVE-2022-3619). A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition (CVE-2022-3623). An intra-object buffer overflow was found in brcmfmac, which can be triggered by a malicious USB causing a Denial-of-Service (CVE-2022-3628). drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect (CVE-2022-41849). occat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress (CVE-2022-41850). There is an infoleak vulnerability in the Linux kernel's net/bluetooth/ l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely (CVE-2022-42895). There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim (CVE-2022-42896). The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space (CVE-2022-43945). For other upstream fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=31150
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.75
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.76
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.77
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.78
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.79
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3524
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3542
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3543
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3564
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3619
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3623
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3628
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41849
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41850
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42895
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43945
SRPMS
8/core
- kernel-linus-5.15.79-1.mga8