{"id":"MGASA-2022-0477","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream 5.15.82 and fixes atleast the\nfollowing security issues:\n\nA flaw was found in the Linux kernel. A denial of service flaw may occur\nif there is a consecutive request of the NVME_IOCTL_RESET and the\nNVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting\nin a PCIe link disconnect (CVE-2022-3169).\n\nA flaw was found in the KVM's AMD nested virtualization (SVM). A malicious\nL1 guest could purposely fail to intercept the shutdown of a cooperative\nnested guest (L2), possibly leading to a page fault and kernel panic in\nthe host (L0) (CVE-2022-3344).\n\nA vulnerability has been found in Linux Kernel function kcm_tx_work of the\nfile net/kcm/kcmsock.c of the component kcm. The manipulation leads to race\ncondition (CVE-2022-3521).\n\nGuests can trigger NIC interface reset/abort/crash via netback. It is\npossible for a guest to trigger a NIC interface reset/abort/crash in a\nLinux based network backend by sending certain kinds of packets. It appears\nto be an (unwritten?) assumption in the rest of the Linux network stack\nthat packet  protocol headers are all contained within the linear section\nof the SKB and some NICs behave badly if this is not the case. This has\nbeen reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780\n(bnx2x) though it may be an issue with other NICs/drivers as well. In case\nthe frontend is sending requests with split headers, netback will forward\nthose violating above mentioned assumption to the networking core,\nresulting in said misbehavior (CVE-2022-3643, XSA-423).\n\nAn incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel\ndriver, potentially leading to random memory corruption or data leaks. This\nflaw could allow a local user to crash the system or escalate their\nprivileges on the system (CVE-2022-4139).\n\nA stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in\nhow a user changes certain kernel parameters and variables. This flaw\nallows a local user to crash or potentially escalate their privileges on the\nsystem (CVE-2022-4378).\n\nThe patch for XSA-392 introduced another issue which might result in\na deadlock when trying to free the SKB of a packet dropped due to\nthe XSA-392 handling (CVE-2022-42328, XSA-424).\nAdditionally when dropping packages for other reasons the same\ndeadlock could occur in case of netpoll being active for the interface\nthe xen-netback driver is connected to (CVE-2022-42329, XSA-424).\n\nA race condition in the x86 KVM subsystem in the Linux kernel allows guest\nOS users to cause a denial of service (host OS crash or host OS memory\ncorruption) when nested virtualisation and the TDP MMU are enabled\n(CVE-2022-45869).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-01-30T09:41:11.099511Z","published":"2022-12-17T23:55:57Z","related":["CVE-2022-3169","CVE-2022-3344","CVE-2022-3521","CVE-2022-3643","CVE-2022-4139","CVE-2022-42328","CVE-2022-42329","CVE-2022-4378","CVE-2022-45869"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0477.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31260"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.80"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.81"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.82"},{"type":"REPORT","url":"https://xenbits.xenproject.org/xsa/advisory-423.txt"},{"type":"REPORT","url":"https://xenbits.xenproject.org/xsa/advisory-424.txt"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.82-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0477.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.4-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0477.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21-1.8.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0477.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}