Advisories » MGASA-2023-0250

Updated kernel packages fix security vulnerabilities

Publication date: 23 Aug 2023
Modification date: 23 Aug 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-40982 , CVE-2023-1206 , CVE-2023-4004 , CVE-2023-4147 , CVE-2023-20569 , CVE-2023-34319

Description

This kernel update is based on upstream 5.15.126 and fixes or
adds mitigations for atleast the following security issues:

Information exposure through microarchitectural state after transient
execution in certain vector execution units for some Intel(R) Processors
may allow an authenticated user to potentially enable information disclosure
via local access (CVE-2022-40982, INTEL-SA-00828).

A hash collision flaw was found in the IPv6 connection lookup table in
the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN
flood attack. A user located in the local network or with a high bandwidth
connection can increase the CPU usage of the server that accepts IPV6
connections up to 95% (CVE-2023-1206).

A use-after-free flaw was found in the Linux kernel's netfilter in the
way a user triggers the nft_pipapo_remove function with the element,
without a NFT_SET_EXT_KEY_END. This issue could allow a local user to
crash the system or potentially escalate their privileges on the system
(CVE-2023-4004).

A use-after-free flaw was found in the Linux kernel’s Netfilter
functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw
allows a local user to crash or escalate their privileges on the system
(CVE-2023-4147).

A side channel vulnerability in some of the AMD CPUs may allow an attacker
to influence the return address prediction. This may result in speculative
execution at an attacker-controlled instruction pointer register,
potentially leading to information disclosure (CVE-2023-20569).

A buffer overrun vulnerability was found in the netback driver in Xen due
to an unusual split packet. This flaw allows an unprivileged guest to cause
a denial of service (DoS) of the host by sending network packets to the
backend, causing the backend to crash (CVE-2023-34319, XSA-432).

Security fix for AMD Zen1 information leak through Divide By Zero.

For other upstream fixes in this update, see the referenced changelogs.
                

References

SRPMS

8/core