MGASA-2022-0021

This kernel update is based on upstream 5.15.15 and fixes at least the following security issues:

A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them (CVE-2021-4155).

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system (CVE-2021-4197).

Lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel (CVE-2021-4204).

A use-after-free exists in drivers/tee/teeshm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in teeshmgetfrom_id during an attempt to free a shared memory object (CVE-2021-44733).

pepsockaccept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak (CVE-2021-45095).

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2GLOBALCAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption (CVE-2021-45100).

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *ORNULL pointer types (CVE-2022-23222).

In addition to the upstream changes, we also have changed the following: - iwlwifi: mvm: check if SAR GEO is supported before sending command - select: Fix indefinitely sleeping task in pollscheduletimeout() - ALSA: hda: Add AlderLake-N/P PCI ID - enable NFTABLESINET, NFTREJECTINET and NFTFIBINET (mga#29852) - disable CIFSSMBDIRECT on desktop kernels as it makes loading cifs deps fail on some setups (mga#29784) - disable unprivileged bpf by default to mitigate other potential security issues with bpf

For other upstream fixes, see the referenced changelogs.