Bug 30537

Summary: Update request: kernel-linus-5.15.46-1.mga8
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: High CC: sysadmin-bugs, tarazed25
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: kernel-linus CVE:
Status comment:

Description Thomas Backlund 2022-06-10 20:34:24 CEST 
Security and bugfixes, advisory will follow...


SRPMS:
kernel-linus-5.15.46-1.mga8.src.rpm



i586:
kernel-linus-5.15.46-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.46-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.46-1.mga8.i586.rpm
kernel-linus-doc-5.15.46-1.mga8.noarch.rpm
kernel-linus-latest-5.15.46-1.mga8.i586.rpm
kernel-linus-source-5.15.46-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.46-1.mga8.noarch.rpm



x86_64:
kernel-linus-5.15.46-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.46-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.46-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.46-1.mga8.noarch.rpm
kernel-linus-latest-5.15.46-1.mga8.x86_64.rpm
kernel-linus-source-5.15.46-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.46-1.mga8.noarch.rpm
Comment 1 Len Lawrence 2022-06-11 16:50:00 CEST 
mga8, x64
10-Core Intel Core i9-7900X
NVIDIA GP102 [GeForce GTX 1080 Ti]
Intel Ethernet I219-V driver: e1000e

No problems at all with this, Mate desktop.

CC: (none) => tarazed25

Comment 2 Thomas Backlund 2022-06-12 00:00:50 CEST 
advisory, added to svn


type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2022-1789
 - CVE-2022-1852
 - CVE-2022-1966
 - CVE-2022-1972
 - CVE-2022-1973
src:
  8:
   core:
     - kernel-linus-5.15.46-1.mga8
description: |
  This kernel-linus update is based on upstream 5.15.46 and fixes at least
  the following security issues:

  KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
  (CVE-2022-1789).

  KVM: x86: avoid calling x86 emulator without a decoded instruction
  (CVE-2022-1852).

  A use-after-free vulnerability was found in the Linux kernel's Netfilter
  subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local
  attacker with user access to cause a privilege escalation issue
  (CVE-2022-1966).

  An out-of-bound write vulnerability was identified within the netfilter
  subsystem which can be exploited to achieve privilege escalation to
  root. In order to trigger the issue it requires the ability to create
  user/net namespaces (CVE-2022-1972).

  fs/ntfs3: Fix invalid free in log_replay (CVE-2022-1973).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30537
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.44
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.45
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46

Priority: Normal => High
Keywords: (none) => advisory
Severity: normal => major

Comment 3 Len Lawrence 2022-06-12 19:01:00 CEST 
Kernel: 5.15.46-1.mga8 x86_64
Quad Core Intel Core i7-4790
NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 470.129.06 
Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet 
  driver: r8169 

Linus kernel running fine on the Mate desktop.  No regressions seen.
Thomas Backlund 2022-06-13 21:48:48 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

Comment 4 Mageia Robot 2022-06-13 22:45:46 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0230.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED