MGASA-2022-0155

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0155.html

Import Source

https://advisories.mageia.org/MGASA-2022-0155.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2022-0155

Related

Published

2022-04-28T15:51:51Z

Modified

2022-04-28T14:58:59Z

Summary

Updated kernel-linus packages fix security vulnerabilities

Details

This kernel-linus update is based on upstream 5.15.35 and fixes at least the following security issues:

A denial of service (DOS) issue was found in the Linux kernel smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdupuser function. This flaw allows a local, privileged (CAPSYSADMIN) attacker to crash the system (CVE-2022-0168).

x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158).

A use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow attacker to crash linux kernel by simulating Amateur Radio from user-space (CVE-2022-1198).

A use-after-free flaw was found in the Linux kernelâs Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system (CVE-2022-1204).

A NULL pointer dereference flaw was found in the Linux kernelâs Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system (CVE-2022-1205).

A null pointer dereference was found in the kvm module which can lead to denial of service (CVE-2022-1263).

A vulnerability was found in the pfkeyregister function in net/key/afkey.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information (CVE-2022-1353).

usb8devstartxmit in drivers/net/can/usb/usb8dev.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28388).

mcbausbstartxmit in drivers/net/can/usb/mcbausb.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28389).

emsusbstartxmit in drivers/net/can/usb/emsusb.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28390).

In the Linux kernel before 5.17.3, fs/iouring.c has a use-after-free due to a race condition in iouring timeouts. This can be triggered by a local user who has no access to any user namespace (CVE-2022-29582).

For other upstream fixes, see the referenced changelogs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / kernel-linus

Package

Name: kernel-linus
Purl: pkg:rpm/mageia/kernel-linus?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.35-1.mga8

Ecosystem specific

{
    "section": "core"
}