Bug 29978 - CVE-2022-24122
Summary: CVE-2022-24122
Status: RESOLVED DUPLICATE of bug 29960
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: High critical
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL: https://security-tracker.debian.org/t...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-31 17:30 CET by Nikolay Sabelnikov
Modified: 2022-01-31 17:48 CET (History)
2 users (show)

See Also:
Source RPM: Kernel
CVE: CVE-2022-24122
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nikolay Sabelnikov 2022-01-31 17:30:20 CET 
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
Nikolay Sabelnikov 2022-01-31 17:30:38 CET

Priority: Normal => High
Severity: normal => critical

Nikolay Sabelnikov 2022-01-31 17:31:13 CET

CVE: (none) => CVE-2022-24122
CC: (none) => 79625490833

Comment 1 Nikolay Sabelnikov 2022-01-31 17:33:05 CET 
The problem has been manifested since the Linux kernel 5.14 and will be fixed in updates 5.16.5 and 5.15.19.
Comment 2 Morgan Leijström 2022-01-31 17:39:21 CET 
Already patched in our testing version :)

https://bugs.mageia.org/show_bug.cgi?id=29960#c11

With your energy it would be nice to have you onboard.
Have you considered joining?

*** This bug has been marked as a duplicate of bug 29960 ***

CC: (none) => fri
Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 3 Nikolay Sabelnikov 2022-01-31 17:46:27 CET 
good idea.  I'll probably use it.
Comment 4 Morgan Leijström 2022-01-31 17:48:42 CET 
Welcome.

https://wiki.mageia.org/en/Contributing

Join a mail list and say you are here :)
Note You need to log in before you can comment on or make changes to this bug.