Mageia 2023-0008: kernel-linus security update
Summary
This kernel-linus update is based on upstream 5.15.88 and fixes at least
the following security issues:
A use-after-free flaw was found in the Linux kernel's SGI GRU driver in
the way the first gru_file_unlocked_ioctl function is called by the user,
where a fail pass occurs in the gru_check_chiplet_assignment function.
This flaw allows a local user to crash or potentially escalate their
privileges on the system (CVE-2022-3424).
A vulnerability was found in the function btf_dump_name_dups of the file
tools/lib/bpf/btf_dump.c of the component libbpf. This flaw allows a
manipulation that may lead to a use-after-free issue (CVE-2022-3534).
A vulnerability was found in area_cache_get in
drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c in the Netronome
Flow Processor (NFP)
driver in the Linux kernel. This flaw allows a manipulation that may lead
to a use-after-free issue (CVE-2022-3545).
Guests can trigger NIC interface reset/abort/crash via netback. It is
possible for a guest to trig...
References
- https://bugs.mageia.org/show_bug.cgi?id=31406
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.84
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.85
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.87
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.88
- https://xenbits.xenproject.org/xsa/advisory-423.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3424
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3534
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3545
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3643
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36280
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41218
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45934
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47929
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0210
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0266
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23454
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23455
Resolution
MGASA-2023-0008 - Updated kernel-linus packages fix security vulnerabilities
SRPMS
- 8/core/kernel-linus-5.15.88-1.mga8