180 matches found
MGASA-2022-0212 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this...
MGASA-2022-0195 Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allo...
MGASA-2022-0194 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem due to the way a user loads BTF. This flaw allows a...
SUSE-SU-2022:1242-1 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-12277 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects...
SUSE-SU-2022:1230-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15)
This update for the Linux Kernel 4.12.14-15078 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and ma...
SUSE-SU-2022:1194-1 Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-2486 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects a...
SUSE-SU-2022:1189-1 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122106 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap object...
SUSE-SU-2022:1037-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nfdupnetdev.c, related to nftablesoffload...
MGASA-2022-0121 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.32 and fixes at least the following security issues: An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to...
MGASA-2022-0095 Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.26 and fixes at least the following security issues: A vulnerability in the Linux kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is ORDONLY, immutable or on...
SUSE-SU-2022:0270-1 Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-5927 fixes several issues. The following security issues were fixed: - CVE-2022-0185: Incorrect param length parsing in legacyparseparam which could have led to a local privilege escalation bsc1194517. - CVE-2021-4028: Fixed use-after-free in RDMA listen th...
MGASA-2021-0588 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...
MGASA-2021-0574 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a...
MGASA-2021-0538 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.6 and fixes at least the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off,...
MGASA-2021-0507 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.78 and fixes at least the following security issues: A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability CVE-2021-3760. A flaw in the SCTP stack where a blind attacker may be able ...
SUSE-SU-2021:3386-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP56 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a...
MGASA-2021-0419 Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.62 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over...
MGASA-2021-0418 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.62 and fixes at least the following security issues: A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel...
MGASA-2021-0367 Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.52 and fixes at least the following security issues: There is a race condition in net/can/bcm.c that can lead to local privilege escalation to root CVE-2021-3609. A vulnerability was found in the Linux kernel. Missing size validations on inbound...
MGASA-2021-0347 Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.48 and fixes at least the following security issues: The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection mechanism. This affects certs/blacklist.c and certs/systemkeyring.c...