{"id":"MGASA-2022-0155","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.15.35 and fixes at least the\nfollowing security issues:\n\nA denial of service (DOS) issue was found in the Linux kernel \nsmb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet\nFile System (CIFS) due to an incorrect return from the memdup_user function.\nThis flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the\nsystem (CVE-2022-0168).\n\nx86/kvm: cmpxchg_gpte can write to pfns outside the userspace region\n(CVE-2022-1158).\n\nA use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow\nattacker to crash linux kernel by simulating Amateur Radio from user-space\n(CVE-2022-1198).\n\nA use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25\nprotocol functionality in the way a user connects with the protocol. This\nflaw allows a local user to crash the system (CVE-2022-1204).\n\nA NULL pointer dereference flaw was found in the Linux kernel’s Amateur\nRadio AX.25 protocol functionality in the way a user connects with the\nprotocol. This flaw allows a local user to crash the system\n(CVE-2022-1205).\n\nA null pointer dereference was found in the kvm module which can lead to\ndenial of service (CVE-2022-1263).\n\nA vulnerability was found in the pfkey_register function in net/key/af_key.c\nin the Linux kernel. This flaw allows a local, unprivileged user to gain\naccess to kernel memory, leading to a system crash or a leak of internal\nkernel information (CVE-2022-1353).\n\nusb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel\nthrough 5.17.1 has a double free (CVE-2022-28388).\n\nmcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel\nthrough 5.17.1 has a double free (CVE-2022-28389).\n\nems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel\nthrough 5.17.1 has a double free (CVE-2022-28390).\n\nIn the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due\nto a race condition in io_uring timeouts. This can be triggered by a local\nuser who has no access to any user namespace (CVE-2022-29582).\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-01-30T10:49:20.330326Z","published":"2022-04-28T15:51:51Z","related":["CVE-2022-0168","CVE-2022-1158","CVE-2022-1198","CVE-2022-1204","CVE-2022-1205","CVE-2022-1263","CVE-2022-1353","CVE-2022-28388","CVE-2022-28389","CVE-2022-28390","CVE-2022-29582"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0155.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30331"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.34"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.35"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.35-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0155.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}