MGASA-2022-0443 - Updated kernel-linus packages fix security vulnerabilities

Publication date: 27 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0443.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2602,
     CVE-2022-3524,
     CVE-2022-3535,
     CVE-2022-3542,
     CVE-2022-3543,
     CVE-2022-3564,
     CVE-2022-3565,
     CVE-2022-3594,
     CVE-2022-3619,
     CVE-2022-3623,
     CVE-2022-3628,
     CVE-2022-41849,
     CVE-2022-41850,
     CVE-2022-42895,
     CVE-2022-42896,
     CVE-2022-43945

This kernel-linus update is based on upstream 5.15.79 and fixes at least the
following security issues:

A flaw was found in the Linux kernel. A race issue occurs between an
io_uring request and the Unix socket garbage collector, allowing an attacker
local privilege escalation (CVE-2022-2602).

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function
ipv6_renew_options of the component IPv6 Handler. The manipulation leads
to memory leak. The attack can be launched remotely (CVE-2022-3524).

A vulnerability classified as problematic was found in Linux Kernel.
Affected by this vulnerability is the function mvpp2_dbgfs_port_init of
the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the
component mvpp2. The manipulation leads to memory leak (CVE-2022-3535).

A vulnerability classified as problematic was found in Linux Kernel. This
vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/
ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation
leads to memory leak (CVE-2022-3542).

A vulnerability, which was classified as problematic, has been found in
Linux Kernel. This issue affects the function unix_sock_destructor/
unix_release_sock of the file net/unix/af_unix.c of the component BPF.
The manipulation leads to memory leak (CVE-2022-3543).

A vulnerability classified as critical was found in Linux Kernel. Affected
by this vulnerability is the function l2cap_reassemble_sdu of the file
net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation
leads to use after free (CVE-2022-3564).

A vulnerability, which was classified as critical, has been found in Linux
Kernel. Affected by this issue is the function del_timer of the file
drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation
leads to use after free (CVE-2022-3565).

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function intr_callback
of the file drivers/net/usb/r8152.c of the component BPF. The manipulation
leads to logging of excessive data. The attack can be launched remotely
(CVE-2022-3594).

A vulnerability has been found in Linux Kernel and classified as
problematic. This vulnerability affects the function l2cap_recv_acldata
of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The
manipulation leads to memory leak (CVE-2022-3619).

A vulnerability was found in Linux Kernel. It has been declared as
problematic. Affected by this vulnerability is the function follow_page_pte
of the file mm/gup.c of the component BPF. The manipulation leads to race
condition (CVE-2022-3623).

An intra-object buffer overflow was found in brcmfmac, which can be
triggered by a malicious USB causing a Denial-of-Service (CVE-2022-3628).

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a
race condition and resultant use-after-free if a physically proximate
attacker removes a USB device while calling open(), aka a race condition
between ufx_ops_open and ufx_usb_disconnect (CVE-2022-41849).

occat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through
5.19.12 has a race condition and resultant use-after-free in certain
situations where a report is received while copying a report->value is
in progress (CVE-2022-41850).

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/
l2cap_core.c's l2cap_parse_conf_req function which can be used to leak
kernel pointers remotely (CVE-2022-42895).

There are use-after-free vulnerabilities in the Linux kernel's 
net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req
functions which may allow code execution and leaking kernel memory
(respectively) remotely via Bluetooth. A remote attacker could execute
code leaking kernel memory via Bluetooth if within proximity of the
victim (CVE-2022-42896).

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2
are vulnerable to buffer overflow. NFSD tracks the number of pages held by
each NFSD thread by combining the receive and send buffers of a remote
procedure call (RPC) into a single array of pages. A client can force the
send buffer to shrink by sending an RPC message over TCP with garbage data
added at the end of the message. The RPC message with garbage data is still
correctly formed according to the specification and is passed forward to
handlers. Vulnerable code in NFSD is not expecting the oversized request
and writes beyond the allocated buffer space (CVE-2022-43945).

For other upstream fixes in this update, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=31150
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.75
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.76
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.77
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.78
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.79
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3524
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3542
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3543
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3564
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3619
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3623
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3628
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41849
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41850
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42895
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43945

SRPMS:
- 8/core/kernel-linus-5.15.79-1.mga8

Mageia 2022-0443: kernel-linus security update

This kernel-linus update is based on upstream 5.15.79 and fixes at least the following security issues: A flaw was found in the Linux kernel

Summary

This kernel-linus update is based on upstream 5.15.79 and fixes at least the following security issues:
A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation (CVE-2022-2602).
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely (CVE-2022-3524).
A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak (CVE-2022-3535).
A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ ether...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=31150

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.75

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.76

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.77

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.78

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.79

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3524

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3535

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3542

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3543

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3564

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3565

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3594

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3619

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3623

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3628

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41849

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41850

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42895

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43945

Resolution

MGASA-2022-0443 - Updated kernel-linus packages fix security vulnerabilities

SRPMS

- 8/core/kernel-linus-5.15.79-1.mga8

Severity
Publication date: 27 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0443.html
Type: security
CVE: CVE-2022-2602, CVE-2022-3524, CVE-2022-3535, CVE-2022-3542, CVE-2022-3543, CVE-2022-3564, CVE-2022-3565, CVE-2022-3594, CVE-2022-3619, CVE-2022-3623, CVE-2022-3628, CVE-2022-41849, CVE-2022-41850, CVE-2022-42895, CVE-2022-42896, CVE-2022-43945

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved