{"id":"MGASA-2022-0195","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.15.41 and fixes at least the\nfollowing security issues:\n\nA flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading\nto a possible out-of-bounds memory write in the Linux kernel BPF subsystem\ndue to the way a user loads BTF. This flaw allows a local user to crash or\nescalate their privileges on the system. NOTE: Mageia kernels by default\nprevents unprivileged users from being able to use eBPF so this would\nrequire a privileged user with CAP_SYS_ADMIN or root to be able to abuse\nthis flaw reducing its attack space (CVE-2022-0500).\n\nDue to the small table perturb size, a memory leak flaw was found in the\nLinux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c\nfunction. This flaw allows an attacker to leak information and may cause\na denial of service (CVE-2022-1012).\n\nA flaw was found in the Linux kernel’s nfcmrvl_nci_unregister_dev()\nfunction. A race condition leads to a use-after-free issue when simulating\nthe NFC device from the user space (CVE-2022-1734).\n\nA flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the\nkernel/bpf/verifier.c function. In this flaw, a missing sanity check for\n*_OR_NULL pointer types that perform pointer arithmetic may cause a kernel\ninformation leak issue. NOTE: Mageia kernels by default prevents\nunprivileged users from being able to use eBPF so this would require a\nprivileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw\nreducing its attack space (CVE-2022-23222).\n\nThe SUNRPC subsystem in the Linux kernel through 5.17.2 can call\nxs_xprt_free before ensuring that sockets are in the intended state\n(CVE-2022-28893).\n\nImproper Update of Reference Count vulnerability in net/sched of Linux\nKernel allows local attacker to cause privilege escalation to root\n(CVE-2022-29581).\n\nFor other upstream fixes, see the referenced changelogs.\n","modified":"2026-04-16T00:10:23.102532068Z","published":"2022-05-21T08:50:18Z","upstream":["CVE-2022-0500","CVE-2022-1012","CVE-2022-1734","CVE-2022-23222","CVE-2022-28893","CVE-2022-29581"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0195.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30436"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.36"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.37"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.38"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.39"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.40"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.41"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.41-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0195.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}