Lucene search

K
mageiaGentoo FoundationMGASA-2022-0154
HistoryApr 28, 2022 - 6:51 p.m.

Updated kernel packages fix security vulnerabilities

2022-04-2818:51:51
Gentoo Foundation
advisories.mageia.org
38
kernel update
denial of service
smb2
cifs
x86
kvm
use-after-free
amateur radio
ax.25
null pointer dereference
pfkey_register
usb_8dev_start_xmit
mcba_usb_start_xmit
ems_usb_start_xmit
io_uring timeouts
gpio
net
atlantic
xtables-addons

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.5%

This kernel update is based on upstream 5.15.35 and fixes at least the following security issues: A denial of service (DOS) issue was found in the Linux kernel smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system (CVE-2022-0168). x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158). A use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow attacker to crash linux kernel by simulating Amateur Radio from user-space (CVE-2022-1198). A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system (CVE-2022-1204). A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system (CVE-2022-1205). A null pointer dereference was found in the kvm module which can lead to denial of service (CVE-2022-1263). A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information (CVE-2022-1353). usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28388). mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28389). ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free (CVE-2022-28390). In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace (CVE-2022-29582). Other fixes in this update: - gpio: Request interrupts after IRQ is initialized - net: atlantic: invert deep par in pm functions, preventing null derefs - xtables-addons have been updated to 3.20 For other upstream fixes, see the referenced changelogs.

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.5%