Updated kernel packages fix security vulnerabilities
Publication date: 19 Jun 2023
Modification date: 25 Jun 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-48425, CVE-2023-2124, CVE-2023-2156, CVE-2023-2269, CVE-2023-3141, CVE-2023-3212, CVE-2023-3268, CVE-2023-31084, CVE-2023-32233, CVE-2023-34256, CVE-2023-35788, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-35829
Description
This kernel update is based on upstream 5.15.117 and fixes at least the following security issues:

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs (CVE-2022-48425).

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2023-2124).

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system (CVE-2023-2156).

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component (CVE-2023-2269).

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak (CVE-2023-3141).

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic (CVE-2023-3212).

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information (CVE-2023-3268).

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process (CVE-2023-31084).

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled (CVE-2023-32233).

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset (CVE-2023-34256).

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation (CVE-2023-35788).

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (CVE-2023-35823).

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (CVE-2023-35824).

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (CVE-2023-35828).

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (CVE-2023-35829).
For other upstream fixes in this update, see the referenced changelogs.
References
- https://bugs.mageia.org/show_bug.cgi?id=32001
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.111
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.112
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.113
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.114
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.115
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.116
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.117
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48425
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2269
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3141
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3212
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3268
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31084
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34256
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35823
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35824
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35828
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35829
SRPMS
8/core
- kernel-5.15.117-2.mga8
- kmod-virtualbox-7.0.8-1.8.mga8
- kmod-xtables-addons-3.23-1.18.mga8
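
To confirm a host is actually running the fixed build (kernel-5.15.117-2.mga8 from the list above) and not just carrying the package on disk, the running kernel release can be compared against it. This is an added example, not part of the Mageia advisory; it assumes `uname -r` on Mageia 8 reports `<version>-<flavour>-<release>.mga8`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed build
# named in this advisory (kernel-5.15.117-2.mga8).
FIXED_VERSION="5.15.117"
FIXED_RELEASE="2"

# ver_ge A B: succeeds when version A >= version B (needs sort -V).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_is_fixed RELEASE_STRING
#   returns 0: at or above the fixed build
#   returns 1: older than the fixed build
#   returns 2: not a Mageia 8 kernel release string
# Assumed input shape: 5.15.117-desktop-2.mga8 (flavour part optional).
kernel_is_fixed() {
    case "$1" in
        *.mga8) ;;
        *) return 2 ;;
    esac
    ver=${1%%-*}                 # upstream version, e.g. 5.15.117
    rel=${1##*-}                 # package release, e.g. 2.mga8
    rel=${rel%.mga8}
    if [ "$ver" = "$FIXED_VERSION" ]; then
        ver_ge "$rel" "$FIXED_RELEASE"
    else
        ver_ge "$ver" "$FIXED_VERSION"
    fi
}

# report RELEASE_STRING: print a one-line verdict for the given kernel.
report() {
    rc=0
    kernel_is_fixed "$1" || rc=$?
    case $rc in
        0) echo "$1: at or above kernel-$FIXED_VERSION-$FIXED_RELEASE.mga8" ;;
        1) echo "$1: older than the fixed build; update and reboot" ;;
        *) echo "$1: not a Mageia 8 kernel release string" ;;
    esac
}

# The running kernel is what matters: an installed update only takes
# effect once the system has booted into it.
report "$(uname -r)"
```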