Bug 29978

Summary: CVE-2022-24122
Product: Mageia
Reporter: Nikolay Sabelnikov <79625490833>
Component: Security
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE
QA Contact: Sec team <security>
Severity: critical
Priority: High
CC: 79625490833, fri
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://security-tracker.debian.org/tracker/CVE-2022-24122
Whiteboard:
Source RPM: Kernel
CVE: CVE-2022-24122
Status comment:

Description Nikolay Sabelnikov 2022-01-31 17:30:20 CET
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
Nikolay Sabelnikov 2022-01-31 17:30:38 CET

Priority: Normal => High
Severity: normal => critical

Nikolay Sabelnikov 2022-01-31 17:31:13 CET

CVE: (none) => CVE-2022-24122
CC: (none) => 79625490833

Comment 1 Nikolay Sabelnikov 2022-01-31 17:33:05 CET
The problem has manifested since Linux kernel 5.14 and will be fixed in updates 5.16.5 and 5.15.19.
Comment 2 Morgan Leijström 2022-01-31 17:39:21 CET
Already patched in our testing version :)

https://bugs.mageia.org/show_bug.cgi?id=29960#c11

With your energy it would be nice to have you onboard.
Have you considered joining?

*** This bug has been marked as a duplicate of bug 29960 ***

CC: (none) => fri
Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 3 Nikolay Sabelnikov 2022-01-31 17:46:27 CET
Good idea. I'll probably use it.
Comment 4 Morgan Leijström 2022-01-31 17:48:42 CET
Welcome.

https://wiki.mageia.org/en/Contributing

Join a mail list and say you are here :)