Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0042)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2022.0042

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2022-0042)

Zusammenfassung: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0042 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0042 advisory.

Vulnerability Insight:
This kernel-linus update is based on upstream 5.15.18 and fixes at least the
following security issues:

A random memory access flaw was found in the Linux kernels GPU i915 kernel
driver functionality in the way a user may run malicious code on the GPU.
This flaw allows a local user to crash the system or escalate their
privileges on the system (CVE-2022-0330).

A use-after-free flaw was found in the Linux kernels
vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/
vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user
privileges to cause a privilege escalation problem (CVE-2022-22942).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel-linus' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-0330
https://bugzilla.redhat.com/show_bug.cgi?id=2042404
https://www.openwall.com/lists/oss-security/2022/01/25/12
http://www.openwall.com/lists/oss-security/2022/11/30/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-22942
https://github.com/vmware/photon/wiki/Security-Update-3.0-356
https://github.com/vmware/photon/wiki/Security-Update-4.0-148
https://www.openwall.com/lists/oss-security/2022/01/27/4

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0042
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0042)
Zusammenfassung:	The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0042 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0042 advisory. Vulnerability Insight: This kernel-linus update is based on upstream 5.15.18 and fixes at least the following security issues: A random memory access flaw was found in the Linux kernels GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system (CVE-2022-0330). A use-after-free flaw was found in the Linux kernels vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/ vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem (CVE-2022-22942). For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel-linus' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0330 https://bugzilla.redhat.com/show_bug.cgi?id=2042404 https://www.openwall.com/lists/oss-security/2022/01/25/12 http://www.openwall.com/lists/oss-security/2022/11/30/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-22942 https://github.com/vmware/photon/wiki/Security-Update-3.0-356 https://github.com/vmware/photon/wiki/Security-Update-4.0-148 https://www.openwall.com/lists/oss-security/2022/01/27/4
Copyright	Copyright (C) 2022 Greenbone AG