Advisories ยป MGASA-2023-0237

Updated kernel packages fix security vulnerabilities

Publication date: 19 Jul 2023
Modification date: 26 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-3338 , CVE-2023-3390 , CVE-2023-31248 , CVE-2023-35001

Description

This kernel update is based on upstream 5.15.120 and fixes atleast
the following security issues:

A flaw null pointer dereference in the Linux kernel DECnet networking
protocol was found. A remote user could use this flaw to crash the
system. This is fixed by removing DECnet support (CVE-2023-3338).

A use-after-free vulnerability was found in the Linux kernel's netfilter
subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with
NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same
transaction causing a use-after-free vulnerability. This flaw allows a
local attacker with user access to cause a privilege escalation issue
(CVE-2023-3390).

Linux Kernel nftables Use-After-Free Local Privilege Escalation
Vulnerability; nft_chain_lookup_byid() failed to check whether a chain
was active and CAP_NET_ADMIN is in any user or network namespace 
(CVE-2023-31248).

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability;
nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN
is in any user or network namespace (CVE-2023-35001).

NOTE!!
This kernel also contains a fix for dkms builds hanging / stalling during
upgrade to Mageia 9 (mga#31982) due to the new make 4.4 series utility
ending up in a loop processing Makefile in kernel-devel packages.
So if you use dkms packaged drivers, you need to be running this kernel
(or any later released ones) before you do an online upgrade to avoid the
upgrade stalling / hanging.

For other upstream fixes in this update, see the referenced changelogs.

References

SRPMS

8/core