This kernel update is based on upstream 5.15.41 and fixes at least the following security issues:
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. NOTE: Mageia kernels by default prevent unprivileged users from being able to use eBPF, so abusing this flaw would require a privileged user with CAP_SYS_ADMIN or root, which reduces its attack space (CVE-2022-0500).
Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service (CVE-2022-1012).
A flaw was found in the Linux kernel's nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulating the NFC device from the user space (CVE-2022-1734).
A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue. NOTE: Mageia kernels by default prevent unprivileged users from being able to use eBPF, so abusing this flaw would require a privileged user with CAP_SYS_ADMIN or root, which reduces its attack space (CVE-2022-23222).
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state (CVE-2022-28893).
An Improper Update of Reference Count vulnerability in net/sched of the Linux kernel allows a local attacker to cause privilege escalation to root (CVE-2022-29581).
Other fixes in this update:
- nfsd: Fix a write performance regression
- x86/mm: Include spinlock_t definition in pgtable.h
For other upstream fixes, see the referenced changelogs.
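
A host check for the two conditions this advisory relies on, as an added example that is not part of the original advisory: whether the running kernel is at or above the 5.15.41 upstream base, and whether unprivileged eBPF is disabled. It assumes the restriction is exposed through the upstream kernel.unprivileged_bpf_disabled sysctl; the function names are hypothetical and the sample release strings in the comments are constructed.

```shell
#!/bin/sh
# Added example, not Mageia's own tooling.
FIXED_BASE="5.15.41"   # upstream base version named in the advisory

# Return 0 if dotted version $1 >= $2, comparing each component numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Map the sysctl value to a label (meanings per upstream kernel docs):
#   0 = unprivileged bpf() allowed
#   1 = disabled and locked until reboot
#   2 = disabled, but an administrator can change it at runtime
unpriv_bpf_state() {
    case "$1" in
        0) echo "allowed" ;;
        1) echo "disabled-locked" ;;
        2) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# $1 = kernel release string (constructed sample: 5.15.41-desktop-1.mga8)
# $2 = value of kernel.unprivileged_bpf_disabled
# The distro suffix after the first "-" is dropped before comparing.
assess() {
    if version_ge "${1%%-*}" "$FIXED_BASE"; then k=current; else k=older; fi
    printf 'kernel=%s unpriv_bpf=%s\n' "$k" "$(unpriv_bpf_state "$2")"
}

# Report on the running host; "unknown" if the sysctl file is absent.
val=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo unknown)
assess "$(uname -r)" "$val"
```

The version comparison only reflects the upstream base number; the distribution's package version remains the authoritative indicator that this update is installed.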