Bug 30139

Summary: Update request: kernel-linus-5.15.26-1.mga8
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: High CC: mageia, sysadmin-bugs, tarazed25
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: kernel-linus CVE:
Status comment:

Description Thomas Backlund 2022-03-08 18:12:02 CET 
Same critical security fix as 


SRPM:
kernel-linus-5.15.26-1.mga8.src.rpm


i586:
kernel-linus-5.15.26-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.26-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.26-1.mga8.i586.rpm
kernel-linus-doc-5.15.26-1.mga8.noarch.rpm
kernel-linus-latest-5.15.26-1.mga8.i586.rpm
kernel-linus-source-5.15.26-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.26-1.mga8.noarch.rpm


x86_64:
kernel-linus-5.15.26-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.26-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.26-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.26-1.mga8.noarch.rpm
kernel-linus-latest-5.15.26-1.mga8.x86_64.rpm
kernel-linus-source-5.15.26-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.26-1.mga8.noarch.rpm
Thomas Backlund 2022-03-08 18:12:12 CET

Severity: normal => critical
Priority: Normal => High

Comment 1 Thomas Backlund 2022-03-08 18:31:13 CET 
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2022-0847
 - CVE-2022-25258
 - CVE-2022-25375
 - CVE-2022-25636
src:
  8:
   core:
     - kernel-linus-5.15.26-1.mga8
description: |
  This kernel-linus update is based on upstream 5.15.26 and fixes at least
  the following security issues:

  A vulnerability in the Linux kernel since version 5.8 due to uninitialized
  variables. It enables anybody to write arbitrary data to arbitrary files,
  even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem.
  It can be used to inject code into arbitrary processes (CVE-2022-0847).

  An issue was discovered in drivers/usb/gadget/composite.c in the Linux
  kernel before 5.16.10. The USB Gadget subsystem lacks certain validation
  of interface OS descriptor requests (ones with a large array index and
  ones associated with NULL function pointer retrieval). Memory corruption
  might occur (CVE-2022-25258).

  An issue was discovered in drivers/usb/gadget/function/rndis.c in the
  Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of
  the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive
  information from kernel memory (CVE-2022-25375).

  net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10
  allows local users to gain privileges because of a heap out-of-bounds
  write. This is related to nf_tables_offload (CVE-2022-25636).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30139
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.25
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.26

Keywords: (none) => advisory

Comment 2 PC LX 2022-03-09 10:41:18 CET 
In the "Core Updates Testing" repository, I'm seeing kernel version 5.15.27 instead of the mentioned above 5.15.26. Please clarify if the 5.15.27 are to be tested or is there an issue that needs to be corrected.

  cpupower                       5.15.27      1.mga8        x86_64  
  kernel-desktop-5.15.27-1.mga8  1            1.mga8        x86_64                                    
  kernel-desktop-devel-5.15.27-> 1            1.mga8        x86_64                                    
  kernel-desktop-devel-latest    5.15.27      1.mga8        x86_64                                    
  kernel-desktop-latest          5.15.27      1.mga8        x86_64                                       
  kernel-userspace-headers       5.15.27      1.mga8        x86_64                                       
  perf                           5.15.27      1.mga8        x86_64

CC: (none) => mageia

Comment 3 Len Lawrence 2022-03-09 12:06:25 CET 
That is odd.  Pasting the list into qarepo and updating downloads the 5.15.26 RPMs and installation continues to run smoothly after that.

CC: (none) => tarazed25

Comment 4 Len Lawrence 2022-03-09 12:40:02 CET 
Continuing from comment 3.
 rpm -q kernel-linus-latest
kernel-linus-latest-5.15.26-1.mga8

No menu entry at reboot so had to run `sudo drakboot --boot` and reboot.
Everything running normally in Mate except bluetooth - had to remove audio device and repeat search and connect sequence to recover it.  This happens now and again with kernel tests.  Networking OK, desktop applications.

Leaving this to run for a day or two.  
Mobo: MSI model: Z97-G43 
Quad Core Intel Core i7-4790
NVIDIA GM204 [GeForce GTX 970]
Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet - r8169
Comment 5 Thomas Backlund 2022-03-09 13:33:22 CET 
(In reply to PC LX from comment #2)
> In the "Core Updates Testing" repository, I'm seeing kernel version 5.15.27
> instead of the mentioned above 5.15.26. Please clarify if the 5.15.27 are to
> be tested or is there an issue that needs to be corrected.

Those are new test-kernels for the Spectre-BHB / BHI issue that went public yesterday, but this report is about kernel-*linus*-5.15.26
Comment 6 Thomas Backlund 2022-03-09 17:20:49 CET 
Thanks for the test, 

Flushing out due to the critical security issue...

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2022-03-09 18:03:59 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0095.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED