This kernel-linus update is based on upstream 6.4.16 and fixes or adds mitigations for at least the following security issues:

A flaw was found in the Linux kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While this will often be correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., for a non-root user holding only that capability. This would cause tun/tap sockets to be treated incorrectly in filtering/routing decisions, possibly bypassing network filters. (CVE-2023-1076)

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (CONFIG_VMAP_STACK). (CVE-2023-4155)

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. (CVE-2023-4921)

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)

Improper access control in the Intel® Ethernet Controller RDMA driver for Linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. (CVE-2023-25775)

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. (CVE-2023-42754)

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of __ip_set_put on a wrong set. This issue may allow a local user to crash the system. (CVE-2023-42756)

For other upstream fixes in this update, see the referenced changelogs.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Mageia | 9 | noarch | kernel-linus | < 6.4.16-3 | kernel-linus-6.4.16-3.mga9 |
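
A host check for the two conditions the advisory states: the affected package version from the table above, and the CONFIG_VMAP_STACK condition noted for CVE-2023-4155. This is an added example, not part of the advisory; it assumes the running kernel's version string has the form `6.4.16-3.mga9` and that the kernel config is installed at `/boot/config-$(uname -r)`.

```shell
#!/bin/sh
# Added example (not part of the advisory).
FIXED="6.4.16-3"  # first fixed kernel-linus version-release, per the advisory table

# is_affected VERSION: succeeds if VERSION is older than $FIXED.
# Assumption: VERSION looks like "6.4.16-3.mga9" (version-release plus dist tag).
is_affected() {
    ver=$(printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*-[0-9]+).*/\1/')
    [ "$ver" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]
}

# vmap_stack_enabled FILE: succeeds if the kernel config in FILE sets
# CONFIG_VMAP_STACK=y (stack guard pages, relevant to CVE-2023-4155).
vmap_stack_enabled() {
    grep -q '^CONFIG_VMAP_STACK=y$' "$1"
}

# report VERSION CONFIG_FILE: print both findings for one kernel.
report() {
    kver=$1
    cfg=$2
    if is_affected "$kver"; then
        echo "$kver: older than $FIXED, update kernel-linus"
    else
        echo "$kver: at or above $FIXED"
    fi
    if [ ! -r "$cfg" ]; then
        echo "$cfg: not readable, CONFIG_VMAP_STACK state unknown"
    elif vmap_stack_enabled "$cfg"; then
        echo "CONFIG_VMAP_STACK=y: stack guard pages enabled"
    else
        echo "CONFIG_VMAP_STACK not set: no stack guard pages (see CVE-2023-4155)"
    fi
}

# Defaults to the running kernel; pass a version and config path to override.
report "${1:-$(uname -r)}" "${2:-/boot/config-$(uname -r)}"
```

The version comparison is only meaningful on a Mageia 9 system running kernel-linus; on other kernels the version line can be ignored.
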
bugs.mageia.org/show_bug.cgi?id=32297
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.11
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.13
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.14
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.15
cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.16