Bug 32336

Summary: kernel 5.15 and 6.1 new security issues CVE-2023-4275[456] and CVE-2023-5178
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: Kernel and Drivers maintainers <kernel>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: fri, ghibomgx, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: kernel, kernel-linus CVE:
Status comment:

Nicolas Salguero 2023-09-28 10:01:53 CEST

Source RPM: (none) => kernel, kernel-linus
Assignee: bugsquad => kernel
CC: (none) => nicolas.salguero

Comment 1 Nicolas Salguero 2023-10-09 15:45:27 CEST 
Hi,

CVE-2023-42754 was announced here:
https://www.openwall.com/lists/oss-security/2023/10/02/8
It is fixed by:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=0113d9c9d1cc

Best regards,

Nico.

Summary: kernel 5.15 and 6.1 new security issues CVE-2023-4275[56] => kernel 5.15 and 6.1 new security issues CVE-2023-4275[456]

Comment 2 Nicolas Salguero 2023-10-19 10:13:39 CEST 
Hi,

CVE-2023-5178 (Linux NVMe-oF/TCP Driver - UAF in `nvmet_tcp_free_crypto`) was announced here:
https://www.openwall.com/lists/oss-security/2023/10/15/1

Best regards,

Nico.

Summary: kernel 5.15 and 6.1 new security issues CVE-2023-4275[456] => kernel 5.15 and 6.1 new security issues CVE-2023-4275[456] and CVE-2023-5178

Comment 3 Morgan Leijström 2023-12-21 20:50:09 CET 
Now when we seem to get kernel updates moving on mga9...

Should we fix a last one on mga8 as a service to our users, or close as wontfix, old, EOL ?

CC: (none) => fri, ghibomgx

Comment 4 Morgan Leijström 2024-01-01 15:29:32 CET 
Mga8 is EOL, so lets use our steam on mga9.

Resolution: (none) => OLD
Status: NEW => RESOLVED