| Summary: | Update request: kernel-linus-5.15.43-1.mga8 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | High | CC: | sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | kernel-linus | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2022-05-26 09:01:09 CEST
Thomas Backlund
2022-05-26 09:03:25 CEST
Priority:
Normal =>
High
Advisory, added to svn:
type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
- CVE-2022-1729
- CVE-2022-21499
src:
8:
core:
- kernel-linus-5.15.43-1.mga8
description: |
This kernel-linus update is based on upstream 5.15.43 and fixes at least
the following security issues:
A race condition in the perf subsystem allows for a local privilege
escalation. NOTE: Mageia kernels by default has disabled the perf usage
for unprivileged users, effectively rendering this vulnerability harmless
(CVE-2022-1729).
Kernel could allow a remote attacker to bypass security restrictions,
caused by a lockdown break issue. By sending a specially-crafted request
using the kernel debugger, an attacker could exploit this vulnerability
to perform read and write access to kernel memory (CVE-2022-21499).
For other upstream fixes, see the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=30476
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.42
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.43Keywords:
(none) =>
advisory Kernel: 5.15.43-1.mga8 x86_64 Quad Core Intel Celeron J4125 [MCP] Intel GeminiLake [UHD Graphics 600] driver: i915 Installed linus kernel from Core. Updated via qarepo. All fine and dandy after reboot apart from intermittent failures of response to the keyboard. 562 processes running on four cores. Watched a bit of Youtube scifi with a bluetooth sound device. That runs fine. Linus kernel appears to be working on this underpowered system. CC:
(none) =>
tarazed25
Thomas Backlund
2022-05-28 09:57:40 CEST
Whiteboard:
(none) =>
MGA8-64-OK An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0213.html Status:
NEW =>
RESOLVED |