Security and bugfixes, advisory will follow...

SRPM:
kernel-linus-5.15.14-1.mga8.src.rpm

i586:
kernel-linus-5.15.14-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.14-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.14-1.mga8.i586.rpm
kernel-linus-doc-5.15.14-1.mga8.noarch.rpm
kernel-linus-latest-5.15.14-1.mga8.i586.rpm
kernel-linus-source-5.15.14-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.14-1.mga8.noarch.rpm

x86_64:
kernel-linus-5.15.14-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.14-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.14-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.14-1.mga8.noarch.rpm
kernel-linus-latest-5.15.14-1.mga8.x86_64.rpm
kernel-linus-source-5.15.14-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.14-1.mga8.noarch.rpm
mga8, x64 Left out source packages on all tests. Installed everything else. Working OK here. Intel Core i7, GTX 970 Virtualbox, NFS shares, NAS drive, bluetooth, desktop applications in Mate - all fine.
CC: (none) => tarazed25
Putting on hold, a more complete fix for a security issue is coming in 5.15.15 in a day or so...
Keywords: (none) => feedback
New set:

SRPM:
kernel-linus-5.15.15-1.mga8.src.rpm

i586:
kernel-linus-5.15.15-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.15-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.15-1.mga8.i586.rpm
kernel-linus-doc-5.15.15-1.mga8.noarch.rpm
kernel-linus-latest-5.15.15-1.mga8.i586.rpm
kernel-linus-source-5.15.15-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.15-1.mga8.noarch.rpm

x86_64:
kernel-linus-5.15.15-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.15-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.15-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.15-1.mga8.noarch.rpm
kernel-linus-latest-5.15.15-1.mga8.x86_64.rpm
kernel-linus-source-5.15.15-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.15-1.mga8.noarch.rpm
Summary: Update request: kernel-linus-5.15.14-1.mga8 => Update request: kernel-linus-5.15.15-1.mga8
Keywords: feedback => (none)
5.15.15-1.mga8 x86_64, Intel Core i9-7900X, GeForce GTX 1080 Ti Kernel linus running without issues so far. Mate desktop functions, network services and bluetooth all OK. Leaving it to run a while.
Smooth installation and reboot on x86_64 Intel Core i7 with nvidia GTX 970. NFA shares and NAS drive mounted. Bluetooth connection to portable audio device resumed on a single click. USB PCTV working with non-free firmware. VirtualBox failed to launch a 64-bit client but succeeded with 32-bits. The 64-bit client launched after dkms-virtualbox was reinstalled. Everything else working normally.
Typo : NFA -> NFS
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2021-4155
 - CVE-2021-4197
 - CVE-2021-44733
 - CVE-2021-45095
 - CVE-2021-45100
 - CVE-2022-23222
src:
  8:
   core:
     - kernel-linus-5.15.15-1.mga8
description: |
  This kernel-linus update is based on upstream 5.15.15 and fixes at least
  the following security issues:

  A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS
  filesystem allowed for size increase of files with unaligned size. A local
  attacker could use this flaw to leak data on the XFS filesystem otherwise
  not accessible to them (CVE-2021-4155).

  An unprivileged write to the file handler flaw in the Linux kernel's control
  groups and namespaces subsystem was found in the way users have access to
  some less privileged process that are controlled by cgroups and have higher
  privileged parent process. It is actually both for cgroup2 and cgroup1
  versions of control groups. A local user could use this flaw to crash the
  system or escalate their privileges on the system (CVE-2021-4197).

  A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in
  the Linux kernel through 5.15.11. This occurs because of a race condition
  in tee_shm_get_from_id during an attempt to free a shared memory object
  (CVE-2021-44733).

  pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8
  has a refcount leak (CVE-2021-45095).

  The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8,
  sometimes communicates in cleartext even though encryption has been enabled.
  This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using
  the SMB 3.1.1 protocol, which is a violation of the SMB protocol
  specification. When Windows 10 detects this protocol violation, it disables
  encryption (CVE-2021-45100).

  kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local
  users to gain privileges because of the availability of pointer arithmetic
  via certain *_OR_NULL pointer types (CVE-2022-23222).

  In addition to the upstream changes, we also have changed the following:
  - enable NF_TABLES_INET, NFT_REJECT_INET and NFT_FIB_INET (mga#29852)
  - disable CIFS_SMB_DIRECT on desktop kernels as it makes loading cifs deps
    fail on some setups (mga#29784)
  - disable unprivileged bpf by default to mitigate other potential security
    issues with bpf

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29880
 - https://bugs.mageia.org/show_bug.cgi?id=29852
 - https://bugs.mageia.org/show_bug.cgi?id=29784
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.12
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.14
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.15
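
A host-side check for the two mitigations named in the advisory above (kernel at 5.15.15 or later, unprivileged bpf disabled), added here as an example and not part of the original thread or of Mageia's tooling. The function names are hypothetical; the sysctl read is kernel.unprivileged_bpf_disabled, where 0 means enabled and 1 or 2 mean disabled.

```sh
#!/bin/sh
# Added example (not Mageia's code): function names are hypothetical.
# The 5.15.15 threshold only applies to the kernel-linus 5.15 series
# from this advisory; other kernels carry their own backports.
FIXED_VERSION="5.15.15"

# version_ge A B: succeed when dotted version A >= B, compared numerically.
version_ge() {
    a=${1%%-*}; b=${2%%-*}                 # drop "-1.mga8" style suffixes
    for i in 1 2 3; do
        fa=$(printf '%s\n' "$a" | cut -d. -f"$i"); fa=${fa%%[!0-9]*}
        fb=$(printf '%s\n' "$b" | cut -d. -f"$i"); fb=${fb%%[!0-9]*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
    done
    return 0
}

# bpf_state VALUE: interpret kernel.unprivileged_bpf_disabled.
bpf_state() {
    case "$1" in
        0) echo enabled ;;
        1) echo disabled-until-reboot ;;   # cannot be switched back on
        2) echo disabled ;;                # root may still change it
        *) echo unknown ;;                 # unreadable or unexpected value
    esac
}

# audit RELEASE SYSCTL_VALUE: print PASS, or one FAIL line per finding.
audit() {
    ok=1
    if ! version_ge "$1" "$FIXED_VERSION"; then
        echo "FAIL: kernel $1 predates $FIXED_VERSION"; ok=0
    fi
    state=$(bpf_state "$2")
    case "$state" in
        disabled*) ;;
        *) echo "FAIL: unprivileged bpf is $state"; ok=0 ;;
    esac
    if [ "$ok" -eq 1 ]; then echo PASS; fi
    return 0
}

# Live check on this host; an unreadable sysctl is reported as unknown.
audit "$(uname -r)" \
    "$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo absent)"
```
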
Keywords: (none) => advisory
Thanks for the tests... Flushing out to get ahead of the bpf exploits getting disclosed...
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0022.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED