MGASA-2022-0477 - Updated kernel packages fix security vulnerabilities

Publication date: 17 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0477.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-3169,
     CVE-2022-3344,
     CVE-2022-3521,
     CVE-2022-4139,
     CVE-2022-4378,
     CVE-2022-42328,
     CVE-2022-42329,
     CVE-2022-45869

This kernel update is based on upstream 5.15.82 and fixes atleast the
following security issues:

A flaw was found in the Linux kernel. A denial of service flaw may occur
if there is a consecutive request of the NVME_IOCTL_RESET and the
NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting
in a PCIe link disconnect (CVE-2022-3169).

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious
L1 guest could purposely fail to intercept the shutdown of a cooperative
nested guest (L2), possibly leading to a page fault and kernel panic in
the host (L0) (CVE-2022-3344).

A vulnerability has been found in Linux Kernel function kcm_tx_work of the
file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race
condition (CVE-2022-3521).

Guests can trigger NIC interface reset/abort/crash via netback. It is
possible for a guest to trigger a NIC interface reset/abort/crash in a
Linux based network backend by sending certain kinds of packets. It appearsto be an (unwritten?) assumption in the rest of the Linux network stack
that packet  protocol headers are all contained within the linear section
of the SKB and some NICs behave badly if this is not the case. This has
been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780
(bnx2x) though it may be an issue with other NICs/drivers as well. In case
the frontend is sending requests with split headers, netback will forward
those violating above mentioned assumption to the networking core,
resulting in said misbehavior (CVE-2022-3643, XSA-423).

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel
driver, potentially leading to random memory corruption or data leaks. This
flaw could allow a local user to crash the system or escalate their
privileges on the system (CVE-2022-4139).

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in
how a user changes certain kernel parameters and variables. This flaw
allows a local user to crash or potentially escalate their privileges on the
system (CVE-2022-4378).

The patch for XSA-392 introduced another issue which might result in
a deadlock when trying to free the SKB of a packet dropped due to
the XSA-392 handling (CVE-2022-42328, XSA-424).
Additionally when dropping packages for other reasons the same
deadlock could occur in case of netpoll being active for the interface
the xen-netback driver is connected to (CVE-2022-42329, XSA-424).

A race condition in the x86 KVM subsystem in the Linux kernel allows guest
OS users to cause a denial of service (host OS crash or host OS memory
corruption) when nested virtualisation and the TDP MMU are enabled
(CVE-2022-45869).

For other upstream fixes in this update, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=31260
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.80
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.81
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.82
- https://xenbits.xenproject.org/xsa/advisory-423.txt
- https://xenbits.xenproject.org/xsa/advisory-424.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3169
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3344
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4378
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45869

SRPMS:
- 8/core/kernel-5.15.82-1.mga8
- 8/core/kmod-virtualbox-7.0.4-1.2.mga8
- 8/core/kmod-xtables-addons-3.21-1.8.mga8

Mageia 2022-0477: kernel security update

This kernel update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel

Summary

This kernel update is based on upstream 5.15.82 and fixes atleast the following security issues:
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect (CVE-2022-3169).
A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0) (CVE-2022-3344).
A vulnerability has been found in Linux Kernel function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition (CVE-2022-3521).
Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=31260

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.80

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.81

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.82

- https://xenbits.xenproject.org/xsa/advisory-423.txt

- https://xenbits.xenproject.org/xsa/advisory-424.txt

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3169

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3344

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3521

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4139

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4378

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42328

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42329

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45869

Resolution

MGASA-2022-0477 - Updated kernel packages fix security vulnerabilities

SRPMS

- 8/core/kernel-5.15.82-1.mga8

- 8/core/kmod-virtualbox-7.0.4-1.2.mga8

- 8/core/kmod-xtables-addons-3.21-1.8.mga8

Severity
Publication date: 17 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0477.html
Type: security
CVE: CVE-2022-3169, CVE-2022-3344, CVE-2022-3521, CVE-2022-4139, CVE-2022-4378, CVE-2022-42328, CVE-2022-42329, CVE-2022-45869

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved