MGASA-2022-0212
- Source
- https://advisories.mageia.org/MGASA-2022-0212.html
- Import Source
- https://advisories.mageia.org/MGASA-2022-0212.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2022-0212
- Related
- Published
- 2022-05-28T08:56:13Z
- Modified
- 2022-05-28T08:00:35Z
- Summary
- Updated kernel packages fix security vulnerabilities
- Details
-
This kernel update is based on upstream 5.15.43 and fixes at least the following security issues:
A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this vulnerability harmless (CVE-2022-1729).
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID (CVE-2022-1789).
Kernel could allow a remote attacker to bypass security restrictions, caused by a lockdown break issue. By sending a specially-crafted request using the kernel debugger, an attacker could exploit this vulnerability to perform read and write access to kernel memory (CVE-2022-21499).
Other fixes in this update: - ice: fix crash at allocation failure
For other upstream fixes, see the referenced changelogs.
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/mageia/kernel?distro=mageia-8
Mageia:8 / kmod-virtualbox
Package
- Name
- kmod-virtualbox
- Purl
- pkg:rpm/mageia/kmod-virtualbox?distro=mageia-8
Mageia:8 / kmod-xtables-addons
Package
- Name
- kmod-xtables-addons
- Purl
- pkg:rpm/mageia/kmod-xtables-addons?distro=mageia-8