Bug 30476

Summary: Update request: kernel-linus-5.15.43-1.mga8
Product: Mageia
Reporter: Thomas Backlund <tmb>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: critical
Priority: High
CC: sysadmin-bugs, tarazed25
Version: 8
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA8-64-OK
Source RPM: kernel-linus
CVE:
Status comment:

Description Thomas Backlund 2022-05-26 09:01:09 CEST
More security and bugfixes, advisory will follow...


SRPMS:
kernel-linus-5.15.43-1.mga8.src.rpm



i586:
kernel-linus-5.15.43-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.43-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.43-1.mga8.i586.rpm
kernel-linus-doc-5.15.43-1.mga8.noarch.rpm
kernel-linus-latest-5.15.43-1.mga8.i586.rpm
kernel-linus-source-5.15.43-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.43-1.mga8.noarch.rpm



x86_64:
kernel-linus-5.15.43-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.43-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.43-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.43-1.mga8.noarch.rpm
kernel-linus-latest-5.15.43-1.mga8.x86_64.rpm
kernel-linus-source-5.15.43-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.43-1.mga8.noarch.rpm

Thomas Backlund 2022-05-26 09:03:25 CEST

Priority: Normal => High

Comment 1 Thomas Backlund 2022-05-26 09:57:36 CEST
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2022-1729
 - CVE-2022-21499
src:
  8:
   core:
     - kernel-linus-5.15.43-1.mga8
description: |
  This kernel-linus update is based on upstream 5.15.43 and fixes at least
  the following security issues:

  A race condition in the perf subsystem allows for a local privilege
  escalation. NOTE: Mageia kernels by default have disabled the perf usage
  for unprivileged users, effectively rendering this vulnerability harmless
  (CVE-2022-1729).

  Kernel could allow a remote attacker to bypass security restrictions,
  caused by a lockdown break issue. By sending a specially-crafted request
  using the kernel debugger, an attacker could exploit this vulnerability
  to perform read and write access to kernel memory (CVE-2022-21499).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30476
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.42
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.43

Keywords: (none) => advisory

Comment 2 Len Lawrence 2022-05-26 17:29:03 CEST
Kernel: 5.15.43-1.mga8 x86_64
Quad Core Intel Celeron J4125 [MCP]
Intel GeminiLake [UHD Graphics 600] driver: i915

Installed linus kernel from Core.
Updated via qarepo. All fine and dandy after reboot apart from intermittent failures of response to the keyboard. 562 processes running on four cores. Watched a bit of YouTube sci-fi with a Bluetooth sound device. That runs fine.
Linus kernel appears to be working on this underpowered system.

CC: (none) => tarazed25

Thomas Backlund 2022-05-28 09:57:40 CEST

Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 3 Mageia Robot 2022-05-28 10:57:22 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0213.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED