{"id":"MGASA-2022-0194","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream 5.15.41 and fixes at least the\nfollowing security issues:\n\nA flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading\nto a possible out-of-bounds memory write in the Linux kernel BPF subsystem\ndue to the way a user loads BTF. This flaw allows a local user to crash or\nescalate their privileges on the system. NOTE: Mageia kernels by default\nprevents unprivileged users from being able to use eBPF so this would\nrequire a privileged user with CAP_SYS_ADMIN or root to be able to abuse\nthis flaw reducing its attack space (CVE-2022-0500).\n\nDue to the small table perturb size, a memory leak flaw was found in the\nLinux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c\nfunction. This flaw allows an attacker to leak information and may cause\na denial of service (CVE-2022-1012).\n\nA flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev()\nfunction. A race condition leads to a use-after-free issue when simulating\nthe NFC device from the user space (CVE-2022-1734).\n\nA flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the\nkernel/bpf/verifier.c function. In this flaw, a missing sanity check for\n*_OR_NULL pointer types that perform pointer arithmetic may cause a kernel\ninformation leak issue. NOTE: Mageia kernels by default prevents\nunprivileged users from being able to use eBPF so this would require a\nprivileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw\nreducing its attack space (CVE-2022-23222).\n\nThe SUNRPC subsystem in the Linux kernel through 5.17.2 can call\nxs_xprt_free before ensuring that sockets are in the intended state\n(CVE-2022-28893).\n\nImproper Update of Reference Count vulnerability in net/sched of Linux\nKernel allows local attacker to cause privilege escalation to root\n(CVE-2022-29581).\n\nOther fixes in this update:\n- nfsd: Fix a write performance regression\n- x86/mm: Include spinlock_t definition in pgtable.h\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-01-30T18:54:35.713461Z","published":"2022-05-21T08:50:18Z","related":["CVE-2022-0500","CVE-2022-1012","CVE-2022-1734","CVE-2022-23222","CVE-2022-28893","CVE-2022-29581"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0194.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30435"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.41-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0194.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.34-1.7.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0194.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20-1.3.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0194.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}