Advisory, added to svn:

type: security
subject: Updated kernel packages fix security vulnerability
CVE:
 - CVE-2022-0185
src:
  8:
   core:
     - kernel-5.15.16-1.mga8
     - kmod-virtualbox-6.1.30-1.14.mga8
     - kmod-xtables-addons-3.18-1.48.mga8
description: |
  This kernel update is based on upstream 5.15.16 and fixes atleast the
  following security issue:

  William Liu and Jamie Hill-Daniel discovered that the file system context
  functionality in the Linux kernel contained an integer underflow
  vulnerability, leading to an out-of-bounds write. A local attacker could
  use this to cause a denial of service (system crash) or execute arbitrary
  code (CVE-2022-0185).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29916
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.16

Keywords: (none) => advisory
Priority: Normal => High

No regressions noticed on x86_64 desktop, laptop, vb guest, i586 vb guest or
aarch64 rpi4b.

CC: (none) => davidwhodgins

No issues on Foolishness, my Dell Inspiron 5100, P4, Radeon RV200 graphics, 32-bit Xfce using kernel-desktop.

CC: (none) => andrewsfarm

OK here mga8-64, nvidia-current

Installed:
- cpupower-5.15.16-1.mga8.x86_64
- kernel-desktop-5.15.16-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.15.16-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-latest-5.15.16-1.mga8.x86_64
- kernel-desktop-latest-5.15.16-1.mga8.x86_64
- kernel-userspace-headers-5.15.16-1.mga8.x86_64
- lib64bpf0-5.15.16-1.mga8.x86_64
- virtualbox-kernel-5.15.16-desktop-1.mga8-6.1.30-1.14.mga8.x86_64
- virtualbox-kernel-desktop-latest-6.1.30-1.14.mga8.x86_64

Rebooted,

$ uname -a
Linux svarten.tribun 5.15.16-desktop-1.mga8 #1 SMP Thu Jan 20 16:28:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

$ dkms status showing OK

BOINC detects CUDA and OpenCL, and BOINC perform work on GPU

Hardware:
  My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display.  Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner


Tested:

  Plasma desktop; using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, Firefox ESR, flatpak Firefox, flatpak Spotify, java program FriBOK, ... 
Stress test: While working with other things BOINC use all cores to 100%, videos do not stutter in Chromium, nor Firefox ESR but do in flatpak version

 VirtualBox: Launched my usual MSW7pro-64, tests OK: bidirectional clipboard, shared folders write protected and not, USB2 memory stick read&write (using upstream extension pack), drag file from Dolphin to Windows Explorer, Windows update, video playing in Firefox and Chrome while CPU is heavily loaded.

CC: (none) => fri

OK mga8-64 in Thinkapd T510: No regression noted.


CPU Intel i5 M540
GPU Nvidia GT218M(NVC3100M) using Geforce 8100 to 415 driver.
wifi Atheros QCA6174, driver ath10k_pci
SSD drive, LUKS, LVM, ext4

Plasma

Did some web surfing & played video from web

flatpak update

Suspend-resume

VirtualBox with W10 client: did some web surfing & played video from web

First: correction on hardware in comment 4:
wifi Centrino Advanced-N 6200, driver iwlwifi
GPU GT128M [NVS 3100M]  (made typo)

---

Now:

OK mga8-64 in Asus A717: No regression noted

CPU Intel i5-7300HQ
GPU integrated HD Graphics 630, driver Intel 810 and later (GPU 2 not configured)
wifi Atheros QCA6174, driver ath10k_pci
SSD drive, LUKS, LVM, ext4

Plasma, web surfing, video in browser
Suspend-resume works

x86_64
Installed desktop and server kernels and rebooted to server.
Mate running normally on Intel Core i7 with nvidia graphics.
Virtualbox, sound, video, bluetooth and all usual services working fine.

CC: (none) => tarazed25

x86_64
Installed desktop and server kernels on Intel Core i9 with nvidia graphics.  Tried out the server kernel and everything ran OK.  Rebooted to desktop kernel and no issues noted so far in Mate.

MGA X64 XFCE, Core i3, 4GO RAM, Nvidia 520M with driver 390 non free and broadcom non free.

Updated with QA repo tool ans rpms: 

cpupower                       5.15.16      1.mga8        x86_64  
kernel-desktop-5.15.16-1.mga8  1            1.mga8        x86_64  
kernel-desktop-devel-5.15.16-> 1            1.mga8        x86_64  
kernel-desktop-devel-latest    5.15.16      1.mga8        x86_64  
kernel-desktop-latest          5.15.16      1.mga8        x86_64  
kernel-userspace-headers       5.15.16      1.mga8        x86_64  
lib64bpf0                      5.15.16      1.mga8        x86_64  
virtualbox-kernel-5.15.16-des> 6.1.30       1.14.mga8     x86_64  
virtualbox-kernel-desktop-lat> 6.1.30       1.14.mga8     x86_64  

No issues after reboot. Internet browsing ok, Vbox use ok, Switching nvidia card with mageia-prime ok.

CC: (none) => guillaume.royer

i5-2500, Intel graphics, wired Internet, 64-bit Plasma system using the server kernel. 

No installation issues. The VirtualBox and rtl8192eu modules appeared to be built and installed correctly - at least there were no error messages about them.

After the reboot, tried VirtualBox, vlc, Firefox, with no issues noted. Using Firefox to make this report. The rtl8192eu device isn't handy at the moment, so that driver was not tested, but I have no reason to think it won't work.

Asus netbook, 64bit 
Celeron(R) N4000 
GeminiLake [UHD Graphics 600]


The following 4 packages are going to be installed:

- cpupower-5.15.16-1.mga8.x86_64
- kernel-desktop-5.15.16-1.mga8-1-1.mga8.x86_64
- kernel-desktop-latest-5.15.16-1.mga8.x86_64
- kernel-userspace-headers-5.15.16-1.mga8.x86_64


---rebooted---

browser working
wifi working
sound works
luks encryption working
libreoffice working

CC: (none) => brtians1

Hi

System configuration:

```
System:    Host: cbct-desk Kernel: 5.15.16-desktop-1.mga8 x86_64 bits: 64 Desktop: KDE Plasma 5.20.4 Distro: Mageia 8 mga8 
Machine:   Type: Desktop System: ASUS product: N/A v: N/A serial: <superuser required> 
           Mobo: ASUSTeK model: TUF GAMING B550M-PLUS v: Rev X.0x serial: <superuser required> UEFI: American Megatrends 
           v: 2423 date: 08/10/2021 
CPU:       Info: 12-Core AMD Ryzen 9 5900X [MT MCP] speed: 4260 MHz min/max: 2200/3700 MHz 
Graphics:  Device-1: Advanced Micro Devices [AMD/ATI] Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] driver: amdgpu 
           v: kernel 
           Display: x11 server: Mageia X.org 1.20.14 driver: amdgpu,v4l resolution: 2560x1440~60Hz 
           OpenGL: renderer: AMD Radeon RX 570 Series (POLARIS10 DRM 3.42.0 5.15.16-desktop-1.mga8 LLVM 11.0.1) 
           v: 4.6 Mesa 21.3.4 
Network:   Device-1: Realtek RTL8125 2.5GbE driver: r8169 
Drives:    Local Storage: total: 1.59 TiB used: 556.61 GiB (34.1%) 
           ID-1: /dev/nvme0n1 vendor: Seagate model: FireCuda 520 SSD ZP500GM30002 size: 465.76 GiB 
           ID-2: /dev/sda vendor: Western Digital model: WD10EZEX-00RKKA0 size: 931.51 GiB 
           ID-3: /dev/sdb vendor: Samsung model: SSD 850 EVO 250GB size: 232.89 GiB 
           Optical-1: /dev/sr0 vendor: HL-DT-ST model: DVDRAM GH24NS95 dev-links: cdrom,cdrw,dvd,dvdrw 
           Features: speed: 12 multisession: yes audio: yes dvd: yes rw: cd-r,cd-rw,dvd-r,dvd-ram 
USB:       Hub: 1-0:1 info: Full speed (or root) Hub ports: 10 rev: 2.0 
           Device-1: 1-6:2 info: ASUSTek AURA LED Controller type: <vendor specific> rev: 2.0 
           Hub: 1-7:3 info: Genesys Logic Hub ports: 4 rev: 2.0 
           Hub: 1-9:4 info: Genesys Logic Hub ports: 4 rev: 2.0 
           Hub: 2-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.1 
           Hub: 3-0:1 info: Full speed (or root) Hub ports: 4 rev: 2.0 
           Device-1: 3-1:2 info: Logitech Unifying Receiver type: Keyboard,Mouse,HID rev: 2.0 
           Device-2: 3-2:3 info: Logitech HD Webcam C525 type: Audio,Video rev: 2.0 
           Device-3: 3-3:4 info: ASUSTek ASUS USB-BT500 type: Bluetooth rev: 1.1 
           Hub: 4-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.1 
```

```
openCL AMD by installing manually some files of amdgpu-pro-20.20-1089974-rhel-8.2
```

```
Installation without error of:

kernel-desktop-latest-5.15.16-1.mga8
lib64bpf0-5.15.16-1.mga8
kernel-desktop-5.15.16-1.mga8-1-1.mga8
kernel-userspace-headers-5.15.16-1.mga8
cpupower-5.15.16-1.mga8
virtualbox-kernel-5.15.16-desktop-1.mga8-6.1.30-1.14.mga8
virtualbox-kernel-desktop-latest-6.1.30-1.14.mga8
```

---rebooted---

```
tests:

browser: ok
tunderbird: ok
sound: ok
camera: ok
virtualbox: ok
solaar (logitech mouse and keboard): ok
Bluetooth: ok
boinc with openCL: ok
mock to build chromium: ok
signal-desktop: ok
schildichat matrix client: ok
psensor / sensors-detect: ok  (GPU fan speed still off but not worse, not better)
libreoffice: ok
darktable with openCL: ok
```

CC: (none) => chb0

On M8 hardware in a Vbox client, M8, Xfce, 32-bit

clear
uname -a
urpmi kernel-desktop-latest
urpmi kernel-userspace-headers
urpmi cpupower
urpmi virtualbox-guest-additions

Linux localhost 5.15.15-desktop586-1.mga8 #1 SMP Sun Jan 16 08:49:42 UTC 2022 i686 i686 i386 GNU/Linux
Package kernel-desktop-latest-5.15.15-1.mga8.i586 is already installed
Package kernel-userspace-headers-5.15.15-1.mga8.i586 is already installed
Package cpupower-5.15.15-1.mga8.i586 is already installed
Package virtualbox-guest-additions-6.1.30-1.mga8.i586 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

install updates from from update_testing:
 
Reboot system.

Linux localhost 5.15.16-desktop-1.mga8 #1 SMP Thu Jan 20 17:58:21 UTC 2022 i686 i686 i386 GNU/Linux
Package kernel-desktop-latest-5.15.16-1.mga8.i586 is already installed
Package kernel-userspace-headers-5.15.16-1.mga8.i586 is already installed
Package cpupower-5.15.16-1.mga8.i586 is already installed
Package virtualbox-guest-additions-6.1.32-1.mga8.i586 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

CC: (none) => wilcal.int

On M8 hardware in a Vbox client, M8, Plasma, 64-bit

clear
uname -a
urpmi kernel-desktop-latest
urpmi kernel-userspace-headers
urpmi cpupower
urpmi virtualbox-guest-additions

Linux localhost 5.15.15-desktop-1.mga8 #1 SMP Sun Jan 16 08:49:42 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.15.15-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.15.15-1.mga8.x86_64 is already installed
Package cpupower-5.15.15-1.mga8.x86_64 is already installed
Package virtualbox-guest-additions-6.1.30-1.mga8.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

install updates from from update_testing:

Reboot system.

Linux localhost 5.15.16-desktop-1.mga8 #1 SMP Thu Jan 20 16:28:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.15.16-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.15.16-1.mga8.x86_64 is already installed
Package cpupower-5.15.16-1.mga8.x86_64 is already installed
Package virtualbox-guest-additions-6.1.32-1.mga8.x86_64 is already installed

Boots to a working desktop. Screen resolution is correct. Common apps work.

On real hardware, M8, Plasma, 64-bit

Packages checked:

clear
uname -a
urpmi kernel-desktop-latest
urpmi virtualbox
urpmi x11-driver-video-vboxvideo
urpmi kernel-desktop-devel-latest
urpmi kernel-userspace-headers
urpmi cpupower
urpmi virtualbox-kernel-desktop-latest
urpmi dkms-virtualbox
 
Linux localhost 5.15.15-desktop-1.mga8 #1 SMP Sun Jan 16 08:49:42 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.15.15-1.mga8.x86_64 is already installed
Package virtualbox-6.1.30-1.mga8.x86_64 is already installed
Package x11-driver-video-vboxvideo-1.0.0-6.mga8.x86_64 is already installed
Package kernel-desktop-devel-latest-5.15.15-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.15.15-1.mga8.x86_64 is already installed
Package cpupower-5.15.15-1.mga8.x86_64 is already installed
Package virtualbox-kernel-desktop-latest-6.1.30-1.12.mga8.x86_64 is already installed
Package dkms-virtualbox-6.1.30-1.mga8.x86_64 is already installed
[root@localhost wilcal]# lspci -k
00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07)
        DeviceName: To Be Filled by O.E.M.
        Subsystem: Dell Device 097c
        Kernel driver in use: i915
        Kernel modules: i915

Boots to working desktop

M8   i586   Vbox Xfce   Client, boots to a working desktop - Screen size correct
M8   x86_64 Vbox Plasma Client, boots to a working desktop - Screen size correct

install updates from from update_testing:

reboot system

Linux localhost 5.15.16-desktop-1.mga8 #1 SMP Thu Jan 20 16:28:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Package kernel-desktop-latest-5.15.16-1.mga8.x86_64 is already installed
Package virtualbox-6.1.32-1.mga8.x86_64 is already installed
Package x11-driver-video-vboxvideo-1.0.0-6.mga8.x86_64 is already installed
Package kernel-desktop-devel-latest-5.15.16-1.mga8.x86_64 is already installed
Package kernel-userspace-headers-5.15.16-1.mga8.x86_64 is already installed
Package cpupower-5.15.16-1.mga8.x86_64 is already installed
Package virtualbox-kernel-desktop-latest-6.1.30-1.14.mga8.x86_64 is already installed
Package dkms-virtualbox-6.1.32-1.mga8.x86_64 is already installed
[root@localhost wilcal]# lspci -k
00:02.0 VGA compatible controller: Intel Corporation Iris Plus Graphics G1 (Ice Lake) (rev 07)
        DeviceName: To Be Filled by O.E.M.
        Subsystem: Dell Device 097c
        Kernel driver in use: i915
        Kernel modules: i915

M8   i586   Vbox Xfce   Client, boots to a working desktop - Screen size correct
M8   x86_64 Vbox Plasma Client, boots to a working desktop - Screen size correct

Thanks for the tests, flushing out...

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK, MGA8-32-OK
CC: (none) => sysadmin-bugs

1 installation-transactin failed

An error occurred during the installation:

package kernel-server-5.15.16-1.mga8-1-1.mga8.x86_64 does not verify: Payload SHA256 ALT digest: BAD (Expected 41e6a1df7dc7e4d2607f23151a99f760adc73fb06e6b6f6a84303862920976ef != d136a9a5e6d2eb18ff972dc7095c006af044631c709fb8fde3bc570d82c23883)

CC: (none) => herman.viaene

@Herman, try
 urpmi --clean
and retry.
Possibly select another downloader 
https://wiki.mageia.org/en/Mageia_8_Errata#Downloading_software

OK 64 bit on Acer Aspire one, 2 core Atom N450
GPU: integrated, driver Intel 810 and later 
wifi: Qualcomm Atheros AR9285, driver ath9k

Running updated 64-bit mga8, Xfce. Spinning disk, auto partitionned.

OK various apps, browser (but this is a slow beast..  my single 32 bit core Thinkpad T43 beat it on some aspects!!)

OK suspend-resume

Hibernation: powers off, skips grub, but boots as not saved.  (I dont remember if i have tested this before.

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0026.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

@Morgan Comment 18
Followed instructions of wiki, changed downloader, selected other mirror (each time did clean), switched verification off in global options, but problem persists.Used wget and aria2 as downloaders i.s.o curl, all in vain.
Update from CLI gives same error, nothing else.

OK 32 bit Thinkpad T43

I i know kernel is out, but as I was at it, took it to the end.
Delayed due to nonreliable disk...
Now reinstalled skipping a section of disk by placing an unused partition.
(indication: lvcreate hang when operating there)
Possibly still problem somewhere but everything i tried works except hibernation which yields following last four lines in journal
 systemd[1]: Starting hibernate...
 kernel : PM: Image not found (code -22)
 systemd-sleep[2696]: Suspending system...
 kernel: PM: hibernation: hibernation entry
Then it powers off.
At power on it boots from scratch

suspend-resume is perfect.

@Herman, continue in qa-discuss if you want to proceed

(In reply to Herman Viaene from comment #21)
> @Morgan Comment 18
> Followed instructions of wiki, changed downloader, selected other mirror
> (each time did clean), switched verification off in global options, but
> problem persists.Used wget and aria2 as downloaders i.s.o curl, all in vain.
> Update from CLI gives same error, nothing else.

Were you able to resolve this?