MGASA-2023-0295 - Updated kernel packages fix security vulnerabilities

Publication date: 22 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0295.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-1076,
     CVE-2023-4155,
     CVE-2023-4921,
     CVE-2023-5197,
     CVE-2023-25775,
     CVE-2023-42754,
     CVE-2023-42756

This kernel update is based on upstream 6.4.16 and fixes or adds
mitigations for atleast the following security issues:

A flaw was found in the Linux Kernel. The tun/tap sockets have their
socket UID hardcoded to 0 due to a type confusion in their
initialization function. While it will be often correct, as tuntap
devices require CAP_NET_ADMIN, it may not always be the case, e.g., a
non-root user only having that capability. This would make tun/tap
sockets being incorrectly treated in filtering/routing decisions,
possibly bypassing network filters. CVE-2023-1076

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the
Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs
can trigger a double fetch race condition vulnerability and invoke the
`VMGEXIT` handler recursively. If an attacker manages to call the
handler multiple times, they can trigger a stack overflow and cause a
denial of service or potentially guest-to-host escape in kernel
configurations without stack guard pages (`CONFIG_VMAP_STACK`).
CVE-2023-4155

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq
component can be exploited to achieve local privilege escalation. When
the plug qdisc is used as a class of the qfq qdisc, sending network
packets triggers use-after-free in qfq_dequeue() due to the incorrect
.peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit
8fc134fee27f2263988ae38920bc03da416b03d8. CVE-2023-4921

A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege
escalation. Addition and removal of rules from chain bindings within the
same transaction causes leads to use-after-free. We recommend upgrading
past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. CVE-2023-5197

Improper access control in the Intel(R) Ethernet Controller RDMA driver
for linux before version 1.9.30 may allow an unauthenticated user to
potentially enable escalation of privilege via network access.
CVE-2023-25775

A NULL pointer dereference flaw was found in the Linux kernel ipv4
stack. The socket buffer (skb) was assumed to be associated with a
device before calling __ip_options_compile, which is not always the case
if the skb is re-routed by ipvs. This issue may allow a local user with
CAP_NET_ADMIN privileges to crash the system. CVE-2023-42754

A flaw was found in the Netfilter subsystem of the Linux kernel. A race
condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel
panic due to the invocation of `__ip_set_put` on a wrong `set`. This
issue may allow a local user to crash the system. CVE-2023-42756

For other upstream fixes in this update, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32296
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.11
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.13
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.14
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.15
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.16
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1076
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4921
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5197
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42754
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42756

SRPMS:
- 9/core/kernel-6.4.16-3.mga9
- 9/core/kmod-virtualbox-7.0.10-33.mga9
- 9/core/kmod-xtables-addons-3.24-48.mga9

Mageia 2023-0295: kernel security update

This kernel update is based on upstream 6.4.16 and fixes or adds mitigations for atleast the following security issues: A flaw was found in the Linux Kernel

Summary

This kernel update is based on upstream 6.4.16 and fixes or adds mitigations for atleast the following security issues:
A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. CVE-2023-1076
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations ...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=32296

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.11

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.13

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.14

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.15

- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.16

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1076

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4155

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4921

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5197

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25775

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42754

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42756

Resolution

MGASA-2023-0295 - Updated kernel packages fix security vulnerabilities

SRPMS

- 9/core/kernel-6.4.16-3.mga9

- 9/core/kmod-virtualbox-7.0.10-33.mga9

- 9/core/kmod-xtables-addons-3.24-48.mga9

Severity
Publication date: 22 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0295.html
Type: security
CVE: CVE-2023-1076, CVE-2023-4155, CVE-2023-4921, CVE-2023-5197, CVE-2023-25775, CVE-2023-42754, CVE-2023-42756

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved