Bug 30030 - Update request: kernel-5.15.23-1.mg8
Summary: Update request: kernel-5.15.23-1.mg8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK, MGA8-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 29965 30027
  Show dependency treegraph
 
Reported: 2022-02-11 17:08 CET by Thomas Backlund
Modified: 2022-02-18 07:25 CET (History)
9 users (show)

See Also:
Source RPM: kernel
CVE:
Status comment:


Attachments

Description Thomas Backlund 2022-02-11 17:08:06 CET
Security and bugfixes, advisory will follow...


SRPMS:
kernel-5.15.23-1.mga8.src.rpm
kmod-virtualbox-6.1.32-1.6.mga8.src.rpm
kmod-xtables-addons-3.18-1.56.mga8.src.rpm



i586:
bpftool-5.15.23-1.mga8.i586.rpm
cpupower-5.15.23-1.mga8.i586.rpm
cpupower-devel-5.15.23-1.mga8.i586.rpm
kernel-desktop-5.15.23-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-5.15.23-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-5.15.23-1.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-latest-5.15.23-1.mga8.i586.rpm
kernel-desktop586-latest-5.15.23-1.mga8.i586.rpm
kernel-desktop-devel-5.15.23-1.mga8-1-1.mga8.i586.rpm
kernel-desktop-devel-latest-5.15.23-1.mga8.i586.rpm
kernel-desktop-latest-5.15.23-1.mga8.i586.rpm
kernel-doc-5.15.23-1.mga8.noarch.rpm
kernel-server-5.15.23-1.mga8-1-1.mga8.i586.rpm
kernel-server-devel-5.15.23-1.mga8-1-1.mga8.i586.rpm
kernel-server-devel-latest-5.15.23-1.mga8.i586.rpm
kernel-server-latest-5.15.23-1.mga8.i586.rpm
kernel-source-5.15.23-1.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-5.15.23-1.mga8.noarch.rpm
kernel-userspace-headers-5.15.23-1.mga8.i586.rpm
libbpf0-5.15.23-1.mga8.i586.rpm
libbpf-devel-5.15.23-1.mga8.i586.rpm
perf-5.15.23-1.mga8.i586.rpm

xtables-addons-kernel-5.15.23-desktop-1.mga8-3.18-1.56.mga8.i586.rpm
xtables-addons-kernel-5.15.23-desktop586-1.mga8-3.18-1.56.mga8.i586.rpm
xtables-addons-kernel-5.15.23-server-1.mga8-3.18-1.56.mga8.i586.rpm
xtables-addons-kernel-desktop586-latest-3.18-1.56.mga8.i586.rpm
xtables-addons-kernel-desktop-latest-3.18-1.56.mga8.i586.rpm
xtables-addons-kernel-server-latest-3.18-1.56.mga8.i586.rpm



x86_64:
bpftool-5.15.23-1.mga8.x86_64.rpm
cpupower-5.15.23-1.mga8.x86_64.rpm
cpupower-devel-5.15.23-1.mga8.x86_64.rpm
kernel-desktop-5.15.23-1.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-5.15.23-1.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-latest-5.15.23-1.mga8.x86_64.rpm
kernel-desktop-latest-5.15.23-1.mga8.x86_64.rpm
kernel-doc-5.15.23-1.mga8.noarch.rpm
kernel-server-5.15.23-1.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-5.15.23-1.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-latest-5.15.23-1.mga8.x86_64.rpm
kernel-server-latest-5.15.23-1.mga8.x86_64.rpm
kernel-source-5.15.23-1.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-5.15.23-1.mga8.noarch.rpm
kernel-userspace-headers-5.15.23-1.mga8.x86_64.rpm
lib64bpf0-5.15.23-1.mga8.x86_64.rpm
lib64bpf-devel-5.15.23-1.mga8.x86_64.rpm
perf-5.15.23-1.mga8.x86_64.rpm

virtualbox-kernel-5.15.23-desktop-1.mga8-6.1.32-1.6.mga8.x86_64.rpm
virtualbox-kernel-5.15.23-server-1.mga8-6.1.32-1.6.mga8.x86_64.rpm
virtualbox-kernel-desktop-latest-6.1.32-1.6.mga8.x86_64.rpm
virtualbox-kernel-server-latest-6.1.32-1.6.mga8.x86_64.rpm

xtables-addons-kernel-5.15.23-desktop-1.mga8-3.18-1.56.mga8.x86_64.rpm
xtables-addons-kernel-5.15.23-server-1.mga8-3.18-1.56.mga8.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.18-1.56.mga8.x86_64.rpm
xtables-addons-kernel-server-latest-3.18-1.56.mga8.x86_64.rpm
Thomas Backlund 2022-02-11 17:09:40 CET

Blocks: (none) => 29965, 30027

Comment 1 Jose Manuel López 2022-02-11 17:32:09 CET
Hi!

I have updated from 5.15.16 in Vbox Mga8 x86_64, no issues for the moment, Vbox ok, apps ok, Libreoffice, Firefox, Thunderbird (91.6 tried too), ok. Settings, audio and video ok.

Reboot ok,

Greetings!!

CC: (none) => joselp

Comment 2 Len Lawrence 2022-02-11 19:04:06 CET
Mate, x86_64
10-Core Intel Core i9-7900X
NVIDIA GP102 [GeForce GTX 1080 Ti]
Updated desktop and server kernels - 24 packages.  kmods and bootloader rebuilt OK.  Checked `dkms status` - everything OK.
Rebooted smoothly to Plasma under new server kernel.  Desktop features working fine.  Bluetooth audio connected as soon as switched on.  Virtualbox runs properly, NFS shares accessible.
Rebooted with the desktop kernel and logged in to Mate desktop.  Everything functions normally - bluetooth audio, pulseaudio, vlc video, VirtualBox.

CC: (none) => tarazed25

Comment 3 Brian Rockwell 2022-02-11 21:43:42 CET
MGA8-64, Gnome, Asus Laptop

AMD A6-9225 RADEON R4
RTL8723BE 
Bluetooth

The following 3 packages are going to be installed:

- cpupower-5.15.23-1.mga8.x86_64
- kernel-desktop-5.15.23-1.mga8-1-1.mga8.x86_64
- kernel-desktop-latest-5.15.23-1.mga8.x86_64


--- rebooted

used for several hours
suspend works properly
wifi
browser
etc.

CC: (none) => brtians1

Comment 4 Len Lawrence 2022-02-12 00:09:18 CET
mga8, x86_64, Mate
Intel model: NUC10i7FNB v: K61360-302
6-Core Intel Core i7-10710U
Intel Comet Lake UHD Graphics driver: i915 
OpenGL: renderer: Mesa Intel UHD Graphics - 4.6 Mesa 21.3.4

Updated desktop and server kernels.  No virtualbox - this is a fileserver machine.  nvidia kmods built during installation - why?
Smooth reboot with the server kernel.  Normal desktop functions OK.
Remote logins work, from either end.  Bluetooth audio connected immediately.
vlc and totem sound and video working.  Ran glmark2 using mesa graphics - 4520 fps.  NAS drive accessible.
Comment 5 Herman Viaene 2022-02-12 12:01:04 CET
Installed server edition, all Intel HW. Internet, NFS access on LAN, audio, video, differerent file types, all work OK. glmark2 790 which is somewhat low on this laptop (usually aound 900)

CC: (none) => herman.viaene

Comment 6 Len Lawrence 2022-02-12 15:47:43 CET
Updated via qarepo, leaving out source and virtualbox packages.
Rebooted OK but took a while to establish a wifi connection.

Dell XPS13 netbook on 5G wifi.
5.15.23-desktop-1.mga8 x86_64
Dual Core Intel Core i7-7500U
Intel HD Graphics 620 driver: i915
Qualcomm Atheros QCA6174 802.11ac - driver: ath10k_pci
Qualcomm Atheros QCA61x4 Bluetooth 4.0 - btusb

Mate desktop working normally.  NFS shares and NAS storage available.
vlc playing video and sound OK using btusb.
Comment 7 Brian Rockwell 2022-02-12 16:58:02 CET
MGA8-64, on Xfce, Toshiba Laptop

AMD A6-3420M APU
Radeon HD 6520G
RTL8188CE 802.11b/g/n WiFi Adapter

Installed the usual four desktop

--- rebooted

$ uname -a
Linux localhost 5.15.23-desktop-1.mga8 #1 SMP Fri Feb 11 09:56:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

- suspend works 
- firefox working
- wifi
- sound working

works on this machine
Comment 8 Brian Rockwell 2022-02-12 18:08:59 CET
MGA8-64, AMD x3-450, Nvidia 730gt (Nvidia 390)

The following 6 packages are going to be installed:

- cpupower-5.15.23-1.mga8.x86_64
- kernel-desktop-5.15.23-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.15.23-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-latest-5.15.23-1.mga8.x86_64
- kernel-desktop-latest-5.15.23-1.mga8.x86_64
- kernel-userspace-headers-5.15.23-1.mga8.x86_64


126MB of additional disk space will be used.


-----

$ uname -a
Linux localhost.localdomain 5.15.23-desktop-1.mga8 #1 SMP Fri Feb 11 09:56:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

# lsmod | grep nvidi
nvidia_uvm            933888  0
nvidia_drm             53248  1
drm_kms_helper        307200  1 nvidia_drm
nvidia_modeset       1060864  8 nvidia_drm
nvidia              15888384  307 nvidia_uvm,nvidia_modeset
ipmi_msghandler        69632  2 ipmi_devintf,nvidia
drm                   626688  4 drm_kms_helper,nvidia_drm

- nextcloud-client working
- sound
- firefox
- libreoffice works



working as designed.
Comment 9 Guillaume Royer 2022-02-12 21:09:07 CET
MGA 64 XFCE Core I3, 4Go Ram, Geforce Nvidia 520M and driver broadcom nonfree.

Update with QA repo.

No issues after reboot

Browsing with Firefox OK
Switching gaphic card with mgaeia-prime OK
Using Vbox OK

CC: (none) => guillaume.royer

Comment 10 Brian Rockwell 2022-02-13 00:33:07 CET
AMD x2-3800, 6150le (nouveau), Mate


The following 4 packages are going to be installed:

- cpupower-5.15.23-1.mga8.i586
- kernel-server-5.15.23-1.mga8-1-1.mga8.i586
- kernel-server-latest-5.15.23-1.mga8.i586
- kernel-userspace-headers-5.15.23-1.mga8.i586

---rebooted


$ uname -a
Linux localhost.localdomain 5.15.23-server-1.mga8 #1 SMP Fri Feb 11 10:47:48 UTC 2022 i686 i686 i386 GNU/Linux

- network working
- nextcloud server working (means apache and db working)
- firefox working
Comment 11 Brian Rockwell 2022-02-13 00:56:25 CET
Asus netbook, 64bit 
Celeron(R) N4000 
GeminiLake [UHD Graphics 600]


installed usual 4 for desktop-latest


---rebooted---

browser working
wifi working
sound works
luks encryption working
suspend works.
Comment 12 Thomas Andrews 2022-02-13 01:49:40 CET
Tested with Foolishness, my Dell Inspiron 5100, 32-bit P4, Radeon RV200 graphics, ancient Atheros-based wifi, 32-bit Xfce system using kernel-desktop.

Tested the mesa update first, then came after this one. No installation issues. After the reboot tried this and that, with no obvious issues noted.

CC: (none) => andrewsfarm

Comment 13 christian barranco 2022-02-14 09:23:55 CET
Hi. 
Tested on a desktop PC, x86, Plasma. => no issue.

TESTS
=====
```
browser: ok
tunderbird: ok
nextcloud-client: ok
sound: ok
webcam: ok
virtualbox: ok
solaar (logitech mouse and keboard): ok
Bluetooth: ok
boinc with openCL: ok
mock: ok
signal-desktop (Mageia package): ok
schildichat matrix client (Mageia package): ok
psensor / sensors-detect: ok  (GPU fan speed still off but not worse, not better)
libreoffice with openCL: ok
darktable with openCL: ok
```

INSTALLATION
============
```
Via QArepo. No issues.

Pour satisfaire les dépendances, les paquetages suivants vont être installés :
  Paquetage                      Version      Révision      Arch    
(média « QA Testing (64-bit) »)
  cpupower                       5.15.23      1.mga8        x86_64  
  kernel-desktop-5.15.23-1.mga8  1            1.mga8        x86_64  
  kernel-desktop-latest          5.15.23      1.mga8        x86_64  
  kernel-userspace-headers       5.15.23      1.mga8        x86_64  
  lib64bpf0                      5.15.23      1.mga8        x86_64  
  virtualbox-kernel-5.15.23-des> 6.1.32       1.6.mga8      x86_64  
  virtualbox-kernel-desktop-lat> 6.1.32       1.6.mga8      x86_64  
un espace additionnel de 77Mo sera utilisé.
70Mo de paquets seront récupérés.
```

SYSTEM CONFIGURATION
====================

```
System:    Host: cbct-desk Kernel: 5.15.16-desktop-1.mga8 x86_64 bits: 64 Desktop: KDE Plasma 5.20.4 Distro: Mageia 8 mga8 
Machine:   Type: Desktop System: ASUS product: N/A v: N/A serial: <superuser required> 
           Mobo: ASUSTeK model: TUF GAMING B550M-PLUS v: Rev X.0x serial: <superuser required> UEFI: American Megatrends 
           v: 2423 date: 08/10/2021 
CPU:       Info: 12-Core AMD Ryzen 9 5900X [MT MCP] speed: 4260 MHz min/max: 2200/3700 MHz 
Graphics:  Device-1: Advanced Micro Devices [AMD/ATI] Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] driver: amdgpu 
           v: kernel 
           Display: x11 server: Mageia X.org 1.20.14 driver: amdgpu,v4l resolution: 2560x1440~60Hz 
           OpenGL: renderer: AMD Radeon RX 570 Series (POLARIS10 DRM 3.42.0 5.15.16-desktop-1.mga8 LLVM 11.0.1) 
           v: 4.6 Mesa 21.3.4 
Network:   Device-1: Realtek RTL8125 2.5GbE driver: r8169 
Drives:    Local Storage: total: 1.59 TiB used: 556.61 GiB (34.1%) 
           ID-1: /dev/nvme0n1 vendor: Seagate model: FireCuda 520 SSD ZP500GM30002 size: 465.76 GiB 
           ID-2: /dev/sda vendor: Western Digital model: WD10EZEX-00RKKA0 size: 931.51 GiB 
           ID-3: /dev/sdb vendor: Samsung model: SSD 850 EVO 250GB size: 232.89 GiB 
           Optical-1: /dev/sr0 vendor: HL-DT-ST model: DVDRAM GH24NS95 dev-links: cdrom,cdrw,dvd,dvdrw 
           Features: speed: 12 multisession: yes audio: yes dvd: yes rw: cd-r,cd-rw,dvd-r,dvd-ram 
USB:       Hub: 1-0:1 info: Full speed (or root) Hub ports: 10 rev: 2.0 
           Device-1: 1-6:2 info: ASUSTek AURA LED Controller type: <vendor specific> rev: 2.0 
           Hub: 1-7:3 info: Genesys Logic Hub ports: 4 rev: 2.0 
           Hub: 1-9:4 info: Genesys Logic Hub ports: 4 rev: 2.0 
           Hub: 2-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.1 
           Hub: 3-0:1 info: Full speed (or root) Hub ports: 4 rev: 2.0 
           Device-1: 3-1:2 info: Logitech Unifying Receiver type: Keyboard,Mouse,HID rev: 2.0 
           Device-2: 3-2:3 info: Logitech HD Webcam C525 type: Audio,Video rev: 2.0 
           Device-3: 3-3:4 info: ASUSTek ASUS USB-BT500 type: Bluetooth rev: 1.1 
           Hub: 4-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.1 

openCL AMD by installing manually some files of amdgpu-pro-20.20-1089974-rhel-8.2
```

CC: (none) => chb0

Comment 14 Thomas Andrews 2022-02-14 16:05:06 CET
MGA8-64 Plasma on a Probook 655b, i3, Intel graphics, Intel wifi. Tested after updating nonfree firmwares, and mesa. 

No installation issues, and after the reboot all looks good. Wifi connects with Network Manager, videos play with VLC, Firefox loads websites.
Comment 15 Thomas Backlund 2022-02-15 19:50:34 CET
Thanks for the tests... flushing out...

Advisory, added to svn:

type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2022-0435
 - CVE-2022-0492
 - CVE-2022-24448
src:
  8:
   core:
     - kernel-5.15.23-1.mga8
     - kmod-virtualbox-6.1.32-1.6.mga8
     - kmod-xtables-addons-3.18-1.56.mga8
description: |
  This kernel update is based on upstream 5.15.23 and fixes atleast the
  following security issues:

  A stack overflow flaw was found in the Linux kernel TIPC protocol
  functionality in the way a user sends a packet with malicious content
  where the number of domain member nodes is higher than the 64 allowed.
  This flaw allows a remote user to crash the system or possibly escalate
  their privileges if they have access to the TIPC network (CVE-2022-0435).

  A vulnerability was found in the Linux kernel cgroup_release_agent_write
  in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain
  circumstances, allows the use of the cgroups v1 release_agent feature to
  escalate privileges and bypass the namespace isolation unexpectedly
  (CVE-2022-0492).

  An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5.
  If an application sets the O_DIRECTORY flag, and tries to open a regular
  file, nfs_atomic_open() performs a regular lookup. If a regular file is
  found, ENOTDIR should occur, but the server instead returns uninitialized
  data in the file descriptor (CVE-2022-24448).

  Other fixes in this update:
  - enable several missed MediaTek wifi drivers (mga#29965)

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30030
 - https://bugs.mageia.org/show_bug.cgi?id=29965

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA8-64-OK, MGA8-32-OK
CC: (none) => sysadmin-bugs

Comment 16 Thomas Andrews 2022-02-15 20:15:48 CET
Dell Dimension e520, Core2Quad, Radeon HD 8570 graphics (amdgpu driver), rtl8192cu wifi dongle, MGA8-64 Plasma system.

No installation issues, and no issues noted after the reboot.
Comment 17 Mageia Robot 2022-02-15 21:51:31 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0062.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 18 Morgan Leijström 2022-02-16 12:37:34 CET
Uh out already... anyway.. been running it a couple days.

OK here mga8-64, i7, nvidia-current

Testing together with todays released mesa, microcode, nonfree firmwares.

$ uname -a
Linux svarten.tribun 5.15.23-desktop-1.mga8 #1 SMP Fri Feb 11 09:56:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

$ dkms status showing OK

BOINC detects CUDA and OpenCL

Hardware:
  My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display.  Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner


Tested:

  Plasma desktop; using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, Firefox ESR, flatpak Firefox, flatpak Spotify, java program FriBOK, ... 
Stress test: While working with other things BOINC use all cores to 100%, videos do not stutter in Chromium, nor Firefox ESR but do in flatpak version

 VirtualBox: 

a) Guest: my usual MSW7pro-64, tests OK: bidirectional clipboard, shared folders write protected and not, USB2 memory stick read&write (using upstream extension pack), drag file from Dolphin to Windows Explorer, Windows update (antivirus def), video playing in Firefox and Chrome while CPU is heavily loaded.

b) Guest: Mageia 8 -64 LXDE: booted before and after all recent updates.  Test OK:
Window resizing, bidirectional clipboard, host file sharing, internet, video, USB flashstick.

CC: (none) => fri

Comment 19 Morgan Leijström 2022-02-16 13:14:19 CET
OK also 64 bit:


§ Laptop Asus A717, Plasma
i5-7300HQ, integrated HD Graphics 630, using "Intel 810 and later" (GPU 2 not configured), wifi Atheros QCA6174 using ath10k_pci


§ Laptop Thinkpad T510, Plasma
GPU i5-M540, 4 core
GPU: GT218M[NVS 3100M] using NVIDIA GeForce 8100 to GeForce 415
wifi: Centrino Advanced N 6200, using iwlwifi


§ Laptop Dell Dimension M63000, Plasma
CPU: Core2 Duo T7500
GPU: G84GLM [Quadro FX 1600M] using NVIDIA GeForce 8100 to GeForce 415
wifi: PRO/Wireless 3945ABG using iwl3945
Comment 20 Frédéric "LpSolit" Buclin 2022-02-18 02:23:19 CET
@tmb: A bit out of topic, but is there any plan to backport kernel 5.16 to Mageia 8 for better Intel Alder Lake support (12th gen)?
Comment 21 Thomas Backlund 2022-02-18 07:25:57 CET
(In reply to Frédéric "LpSolit" Buclin from comment #20)
> @tmb: A bit out of topic, but is there any plan to backport kernel 5.16 to
> Mageia 8 for better Intel Alder Lake support (12th gen)?

yes, but the high flow of official updates, and some issues on the 5.16 branch has made me delay it a bit...

I will probably push the cauldron 5.16.10-2 update to backports later today/tomorrow...

Note You need to log in before you can comment on or make changes to this bug.