MGASA-2022-0195 - Updated kernel-linus packages fix security vulnerabilities

Publication date: 21 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0195.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-0500,
     CVE-2022-1012,
     CVE-2022-1734,
     CVE-2022-23222,
     CVE-2022-28893,
     CVE-2022-29581

This kernel-linus update is based on upstream 5.15.41 and fixes at least the
following security issues:

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading
to a possible out-of-bounds memory write in the Linux kernel BPF subsystem
due to the way a user loads BTF. This flaw allows a local user to crash or
escalate their privileges on the system. NOTE: Mageia kernels by default
prevents unprivileged users from being able to use eBPF so this would
require a privileged user with CAP_SYS_ADMIN or root to be able to abuse
this flaw reducing its attack space (CVE-2022-0500).

Due to the small table perturb size, a memory leak flaw was found in the
Linux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c
function. This flaw allows an attacker to leak information and may cause
a denial of service (CVE-2022-1012).

A flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev()
function. A race condition leads to a use-after-free issue when simulating
the NFC device from the user space (CVE-2022-1734).

A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the
kernel/bpf/verifier.c function. In this flaw, a missing sanity check for
*_OR_NULL pointer types that perform pointer arithmetic may cause a kernel
information leak issue. NOTE: Mageia kernels by default prevents
unprivileged users from being able to use eBPF so this would require a
privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw
reducing its attack space (CVE-2022-23222).

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call
xs_xprt_free before ensuring that sockets are in the intended state
(CVE-2022-28893).

Improper Update of Reference Count vulnerability in net/sched of Linux
Kernel allows local attacker to cause privilege escalation to root
(CVE-2022-29581).

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30436
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29581

SRPMS:
- 8/core/kernel-linus-5.15.41-1.mga8

Mageia 2022-0195: kernel-linus security update

This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to...

Summary

This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues:
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. NOTE: Mageia kernels by default prevents unprivileged users from being able to use eBPF so this would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space (CVE-2022-0500).
Due to the small table perturb size, a memory leak flaw was found in the Linux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service (CVE-2022-1012).
A flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulati...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30436

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29581

Resolution

MGASA-2022-0195 - Updated kernel-linus packages fix security vulnerabilities

SRPMS

- 8/core/kernel-linus-5.15.41-1.mga8

Severity
Publication date: 21 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0195.html
Type: security
CVE: CVE-2022-0500, CVE-2022-1012, CVE-2022-1734, CVE-2022-23222, CVE-2022-28893, CVE-2022-29581

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved