{"id":"MGASA-2023-0238","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.15.120 and fixes atleast\nthe following security issues:\n\nA flaw null pointer dereference in the Linux kernel DECnet networking\nprotocol was found. A remote user could use this flaw to crash the\nsystem. This is fixed by removing DECnet support (CVE-2023-3338).\n\nA use-after-free vulnerability was found in the Linux kernel's netfilter\nsubsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with\nNFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same\ntransaction causing a use-after-free vulnerability. This flaw allows a\nlocal attacker with user access to cause a privilege escalation issue\n(CVE-2023-3390).\n\nNOTE!!\nThis kernel also contains a fix for dkms builds hanging / stalling during\nupgrade to Mageia 9 (mga#31982) due to the new make 4.4 series utility\nending up in a loop processing Makefile in kernel-devel packages.\nSo if you use dkms packaged drivers and kernel-linus, you need to be\nrunning this kernel (or any later released ones) before you do an online\nupgrade to avoid the upgrade stalling / hanging.\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-02-01T22:17:37.731833Z","published":"2023-07-19T19:53:31Z","related":["CVE-2023-3338","CVE-2023-3390"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0238.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32094"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31982"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.118"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.119"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.120"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.120-2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0238.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}