Lucene search

K
mageiaGentoo FoundationMGASA-2022-0213
HistoryMay 28, 2022 - 11:56 a.m.

Updated kernel-linus packages fix security vulnerabilities

2022-05-2811:56:13
Gentoo Foundation
advisories.mageia.org
41
kernel-linus
security vulnerabilities
upstream 5.15.43

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

15.7%

This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this vulnerability harmless (CVE-2022-1729). Kernel could allow a remote attacker to bypass security restrictions, caused by a lockdown break issue. By sending a specially-crafted request using the kernel debugger, an attacker could exploit this vulnerability to perform read and write access to kernel memory (CVE-2022-21499). For other upstream fixes, see the referenced changelogs.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchkernel-linus< 5.15.43-1kernel-linus-5.15.43-1.mga8

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

15.7%