{"id":"MGASA-2023-0295","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream 6.4.16 and fixes or adds\nmitigations for atleast the following security issues:\n\nA flaw was found in the Linux Kernel. The tun/tap sockets have their\nsocket UID hardcoded to 0 due to a type confusion in their\ninitialization function. While it will be often correct, as tuntap\ndevices require CAP_NET_ADMIN, it may not always be the case, e.g., a\nnon-root user only having that capability. This would make tun/tap\nsockets being incorrectly treated in filtering/routing decisions,\npossibly bypassing network filters. CVE-2023-1076\n\nA flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the\nLinux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs\ncan trigger a double fetch race condition vulnerability and invoke the\n`VMGEXIT` handler recursively. If an attacker manages to call the\nhandler multiple times, they can trigger a stack overflow and cause a\ndenial of service or potentially guest-to-host escape in kernel\nconfigurations without stack guard pages (`CONFIG_VMAP_STACK`).\nCVE-2023-4155\n\nA use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\ncomponent can be exploited to achieve local privilege escalation. When\nthe plug qdisc is used as a class of the qfq qdisc, sending network\npackets triggers use-after-free in qfq_dequeue() due to the incorrect\n.peek handler of sch_plug and lack of error checking in agg_dequeue().\nWe recommend upgrading past commit\n8fc134fee27f2263988ae38920bc03da416b03d8. CVE-2023-4921\n\nA use-after-free vulnerability in the Linux kernel's netfilter:\nnf_tables component can be exploited to achieve local privilege\nescalation. Addition and removal of rules from chain bindings within the\nsame transaction causes leads to use-after-free. We recommend upgrading\npast commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. CVE-2023-5197\n\nImproper access control in the Intel(R) Ethernet Controller RDMA driver\nfor linux before version 1.9.30 may allow an unauthenticated user to\npotentially enable escalation of privilege via network access.\nCVE-2023-25775\n\nA NULL pointer dereference flaw was found in the Linux kernel ipv4\nstack. The socket buffer (skb) was assumed to be associated with a\ndevice before calling __ip_options_compile, which is not always the case\nif the skb is re-routed by ipvs. This issue may allow a local user with\nCAP_NET_ADMIN privileges to crash the system. CVE-2023-42754\n\nA flaw was found in the Netfilter subsystem of the Linux kernel. A race\ncondition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel\npanic due to the invocation of `__ip_set_put` on a wrong `set`. This\nissue may allow a local user to crash the system. CVE-2023-42756\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T00:12:06.939594642Z","published":"2023-10-22T21:04:51Z","upstream":["CVE-2023-1076","CVE-2023-25775","CVE-2023-4155","CVE-2023-42754","CVE-2023-42756","CVE-2023-4921","CVE-2023-5197"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0295.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32296"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.11"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.13"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.14"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.15"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.16"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.4.16-3.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0295.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.10-33.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0295.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.24-48.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0295.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}