Bug 30200 - Update request: kernel-linus-5.15.32-1.mga8
Summary: Update request: kernel-linus-5.15.32-1.mga8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-03-24 09:10 CET by Thomas Backlund
Modified: 2022-03-29 16:26 CEST

See Also:
Source RPM: kernel-linus
CVE:
Status comment:


Description Thomas Backlund 2022-03-24 09:10:15 CET
Security and bugfixes, advisory will follow

SRPM:
kernel-linus-5.15.31-1.mga8.src.rpm

i586:
kernel-linus-5.15.31-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.31-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.31-1.mga8.i586.rpm
kernel-linus-doc-5.15.31-1.mga8.noarch.rpm
kernel-linus-latest-5.15.31-1.mga8.i586.rpm
kernel-linus-source-5.15.31-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.31-1.mga8.noarch.rpm



x86_64:
kernel-linus-5.15.31-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.31-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.31-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.31-1.mga8.noarch.rpm
kernel-linus-latest-5.15.31-1.mga8.x86_64.rpm
kernel-linus-source-5.15.31-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.31-1.mga8.noarch.rpm
Comment 1 Thomas Backlund 2022-03-24 15:19:12 CET
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2022-0995
 - CVE-2022-1011
 - CVE-2022-27666
src:
  8:
   core:
     - kernel-linus-5.15.31-1.mga8
description: |
  This kernel-linus update is based on upstream 5.15.31 and fixes at least
  the following security issues:

  An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s
  watch_queue event notification subsystem. This flaw can overwrite parts
  of the kernel state, potentially allowing a local user to gain privileged
  access or cause a denial of service on the system (CVE-2022-0995).

  A use-after-free flaw in the Linux kernel FUSE filesystem was found in
  the way a user triggers write(). A local user could use this flaw to get
  some unauthorized access to some data from the FUSE filesystem and, as a
  result, potentially escalate privileges too (CVE-2022-1011).

  There is a buffer overflow in ESP transformation in net/ipv4/esp4.c and
  net/ipv6/esp6.c via a large message. In some configurations, local users
  can gain privileges by overwriting kernel heap objects (CVE-2022-27666).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30200
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.30
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.31

Keywords: (none) => advisory

Comment 2 Thomas Backlund 2022-03-25 18:41:08 CET
putting this one on hold too as it's affected by the same ath9k breakage that is reported in the kernel-5.15.31 update bug
https://bugs.mageia.org/show_bug.cgi?id=30199#c9

Keywords: (none) => feedback

Comment 3 Thomas Backlund 2022-03-28 16:59:12 CEST
New set...

SRPM:
kernel-linus-5.15.32-1.mga8.src.rpm


i586:
kernel-linus-5.15.32-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.32-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.32-1.mga8.i586.rpm
kernel-linus-doc-5.15.32-1.mga8.noarch.rpm
kernel-linus-latest-5.15.32-1.mga8.i586.rpm
kernel-linus-source-5.15.32-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.32-1.mga8.noarch.rpm


x86_64:
kernel-linus-5.15.32-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.32-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.32-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.32-1.mga8.noarch.rpm
kernel-linus-latest-5.15.32-1.mga8.x86_64.rpm
kernel-linus-source-5.15.32-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.32-1.mga8.noarch.rpm

Summary: Update request: kernel-linus-5.15.31-1.mga8 => Update request: kernel-linus-5.15.32-1.mga8
Keywords: feedback => (none)

Comment 4 Thomas Backlund 2022-03-28 17:15:06 CEST
Updated advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2022-0995
 - CVE-2022-1011
 - CVE-2022-1048
 - CVE-2022-26490
 - CVE-2022-27666
src:
  8:
   core:
     - kernel-linus-5.15.32-1.mga8
description: |
  This kernel-linus update is based on upstream 5.15.32 and fixes at least
  the following security issues:

  An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s
  watch_queue event notification subsystem. This flaw can overwrite parts
  of the kernel state, potentially allowing a local user to gain privileged
  access or cause a denial of service on the system (CVE-2022-0995).

  A use-after-free flaw in the Linux kernel FUSE filesystem was found in
  the way a user triggers write(). A local user could use this flaw to get
  some unauthorized access to some data from the FUSE filesystem and, as a
  result, potentially escalate privileges too (CVE-2022-1011).

  A use-after-free flaw was found in the Linux kernel’s sound subsystem in
  the way a user triggers concurrent calls of PCM hw_params. The hw_free
  ioctls or similar race condition happens inside ALSA PCM for other ioctls.
  This flaw allows a local user to crash or potentially escalate their
  privileges on the system (CVE-2022-1048).

  st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c has
  EVT_TRANSACTION buffer overflows because of untrusted length parameters
  (CVE-2022-26490).

  There is a buffer overflow in ESP transformation in net/ipv4/esp4.c and
  net/ipv6/esp6.c via a large message. In some configurations, local users
  can gain privileges by overwriting kernel heap objects (CVE-2022-27666).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30200
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.30
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.31
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.32
Comment 5 Thomas Backlund 2022-03-29 09:53:29 CEST
Security fixes addendum to advisory

  A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c
  of the netfilter subsystem. This flaw allows a local user to cause an
  out-of-bounds write issue (CVE-2022-1015).

  A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:
  nft_do_chain, which can cause a use-after-free. This issue needs to handle
  'return' with proper preconditions, as it can lead to a kernel information
  leak problem caused by a local, unprivileged attacker (CVE-2022-1016).
Comment 6 Thomas Backlund 2022-03-29 15:40:19 CEST
boots ok on x86_64 here.

Flushing out due to exploits going public

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

Comment 7 Mageia Robot 2022-03-29 16:26:30 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0122.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

