Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2023.0087
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2023-0087)
Zusammenfassung:	The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2023-0087 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2023-0087 advisory. Vulnerability Insight: This kernel update is based on upstream 5.15.98 and fixes at least the following security issues: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine (CVE-2022-2196). A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system (CVE-2022-3707). A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service (CVE-2022-4129). A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side (CVE-2022-4382). A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system (CVE-2022-4842). When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure (CVE-2022-27672). A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution (CVE-2023-0179). A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash (CVE-2023-0394). A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2023-1073). A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service (CVE-2023-1074). rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078). An integer overflow flaw was found in the Linux kernel's wireless RNDIS USB device driver in how a user installs a malicious USB device. This flaw allows a local user to crash or potentially escalate their ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-2196 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 https://kernel.dance/#2e7eab81425a https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2022-27672 https://security.gentoo.org/glsa/202402-07 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045 Common Vulnerability Exposure (CVE) ID: CVE-2022-3707 https://bugzilla.redhat.com/show_bug.cgi?id=2137979 https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/ https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2022-4129 FEDORA-2022-24041b1667 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/ FEDORA-2022-b36cd53dca https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/ FEDORA-2022-e4460c41bc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/ https://lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t https://lore.kernel.org/netdev/20221121085426.21315-1-jakub%40cloudflare.com/t Common Vulnerability Exposure (CVE) ID: CVE-2022-4382 https://www.openwall.com/lists/oss-security/2022/12/14/5 Common Vulnerability Exposure (CVE) ID: CVE-2022-4842 https://lore.kernel.org/ntfs3/784f82c4-de71-b8c3-afd6-468869a369af@paragon-software.com/T/#t Common Vulnerability Exposure (CVE) ID: CVE-2023-0179 http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2161713 https://seclists.org/oss-sec/2023/q1/20 Common Vulnerability Exposure (CVE) ID: CVE-2023-0394 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17 https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2023-1073 https://bugzilla.redhat.com/show_bug.cgi?id=2173403 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456 https://www.openwall.com/lists/osssecurity/2023/01/17/3 http://www.openwall.com/lists/oss-security/2023/11/05/3 http://www.openwall.com/lists/oss-security/2023/11/05/2 Common Vulnerability Exposure (CVE) ID: CVE-2023-1074 https://bugzilla.redhat.com/show_bug.cgi?id=2173430 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f https://www.openwall.com/lists/oss-security/2023/01/23/1 http://www.openwall.com/lists/oss-security/2023/11/05/4 Common Vulnerability Exposure (CVE) ID: CVE-2023-1078 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d http://www.openwall.com/lists/oss-security/2023/11/05/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-23559 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/ Common Vulnerability Exposure (CVE) ID: CVE-2023-26545 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.