Bug 30139 - Update request: kernel-linus-5.15.26-1.mga8
Summary: Update request: kernel-linus-5.15.26-1.mga8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: High critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-03-08 18:12 CET by Thomas Backlund
Modified: 2022-03-09 18:03 CET

See Also:
Source RPM: kernel-linus
CVE:
Status comment:


Description Thomas Backlund 2022-03-08 18:12:02 CET
Same critical security fix as 


SRPM:
kernel-linus-5.15.26-1.mga8.src.rpm


i586:
kernel-linus-5.15.26-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.26-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.26-1.mga8.i586.rpm
kernel-linus-doc-5.15.26-1.mga8.noarch.rpm
kernel-linus-latest-5.15.26-1.mga8.i586.rpm
kernel-linus-source-5.15.26-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.26-1.mga8.noarch.rpm


x86_64:
kernel-linus-5.15.26-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.26-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.26-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.26-1.mga8.noarch.rpm
kernel-linus-latest-5.15.26-1.mga8.x86_64.rpm
kernel-linus-source-5.15.26-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.26-1.mga8.noarch.rpm

Thomas Backlund 2022-03-08 18:12:12 CET

Severity: normal => critical
Priority: Normal => High

Comment 1 Thomas Backlund 2022-03-08 18:31:13 CET
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2022-0847
 - CVE-2022-25258
 - CVE-2022-25375
 - CVE-2022-25636
src:
  8:
   core:
     - kernel-linus-5.15.26-1.mga8
description: |
  This kernel-linus update is based on upstream 5.15.26 and fixes at least
  the following security issues:

  A vulnerability in the Linux kernel since version 5.8 due to uninitialized
  variables. It enables anybody to write arbitrary data to arbitrary files,
  even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem.
  It can be used to inject code into arbitrary processes (CVE-2022-0847).

  An issue was discovered in drivers/usb/gadget/composite.c in the Linux
  kernel before 5.16.10. The USB Gadget subsystem lacks certain validation
  of interface OS descriptor requests (ones with a large array index and
  ones associated with NULL function pointer retrieval). Memory corruption
  might occur (CVE-2022-25258).

  An issue was discovered in drivers/usb/gadget/function/rndis.c in the
  Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of
  the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive
  information from kernel memory (CVE-2022-25375).

  net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10
  allows local users to gain privileges because of a heap out-of-bounds
  write. This is related to nf_tables_offload (CVE-2022-25636).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30139
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.25
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.26

Keywords: (none) => advisory

Comment 2 PC LX 2022-03-09 10:41:18 CET
In the "Core Updates Testing" repository, I'm seeing kernel version 5.15.27 instead of the above-mentioned 5.15.26. Please clarify whether the 5.15.27 packages are to be tested or whether there is an issue that needs to be corrected.

  cpupower                       5.15.27      1.mga8        x86_64  
  kernel-desktop-5.15.27-1.mga8  1            1.mga8        x86_64                                    
  kernel-desktop-devel-5.15.27-> 1            1.mga8        x86_64                                    
  kernel-desktop-devel-latest    5.15.27      1.mga8        x86_64                                    
  kernel-desktop-latest          5.15.27      1.mga8        x86_64                                       
  kernel-userspace-headers       5.15.27      1.mga8        x86_64                                       
  perf                           5.15.27      1.mga8        x86_64

CC: (none) => mageia

Comment 3 Len Lawrence 2022-03-09 12:06:25 CET
That is odd.  Pasting the list into qarepo and updating downloads the 5.15.26 RPMs and installation continues to run smoothly after that.

CC: (none) => tarazed25

Comment 4 Len Lawrence 2022-03-09 12:40:02 CET
Continuing from comment 3.
 rpm -q kernel-linus-latest
kernel-linus-latest-5.15.26-1.mga8

No menu entry at reboot so had to run `sudo drakboot --boot` and reboot.
Everything running normally in Mate except bluetooth - had to remove audio device and repeat search and connect sequence to recover it.  This happens now and again with kernel tests.  Networking OK, desktop applications.

Leaving this to run for a day or two.  
Mobo: MSI model: Z97-G43 
Quad Core Intel Core i7-4790
NVIDIA GM204 [GeForce GTX 970]
Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet - r8169

Comment 5 Thomas Backlund 2022-03-09 13:33:22 CET
(In reply to PC LX from comment #2)
> In the "Core Updates Testing" repository, I'm seeing kernel version 5.15.27
> instead of the above-mentioned 5.15.26. Please clarify whether the 5.15.27
> packages are to be tested or whether there is an issue that needs to be
> corrected.

Those are new test-kernels for the Spectre-BHB / BHI issue that went public yesterday, but this report is about kernel-*linus*-5.15.26

Comment 6 Thomas Backlund 2022-03-09 17:20:49 CET
Thanks for the test, 

Flushing out due to the critical security issue...

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2022-03-09 18:03:59 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0095.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
