Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0324
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0324)
Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2022-0324 advisory.
Description:
Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2022-0324 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.15.65 and fixes at least the
following security issues:

An out-of-bounds memory read flaw was found in the Linux kernel's BPF
subsystem in how a user calls the bpf_tail_call function with a key
larger than the max_entries of the map. This flaw allows a local user
to gain unauthorized access to data (CVE-2022-2905).

A race condition was found in the Linux kernel's IP framework for
transforming packets (XFRM subsystem) when multiple calls to
xfrm_probe_algs occurred simultaneously. This flaw could allow a local
attacker to potentially trigger an out-of-bounds write or leak kernel
heap memory by performing an out-of-bounds read and copying it into a
socket (CVE-2022-3028).

There exists a use-after-free in io_uring in the Linux kernel.
signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the
current task. It will send a POLLFREE notification to all waiters before
the queue is freed. Unfortunately, the io_uring poll doesn't handle
POLLFREE. This allows a use-after-free to occur if a signalfd or binder
fd is polled with io_uring poll, and the waitqueue gets freed
(CVE-2022-3176).

An issue was discovered in net/netfilter/nf_tables_api.c in the kernel
before 5.19.6. A denial of service can occur upon binding to an already
bound chain (CVE-2022-39190).

mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related
to leaf anon_vma double reuse (CVE-2022-42703).

Other fixes in this update:
- A fix for an issue causing excessive logging (mga#30779) due to an
upstream change that was included in the 5.15.62 kernel update released
as MGASA-2022-0305.
- bpf, cgroup: Fix kernel BUG in purge_effective_progs
- bpf: Restrict bpf_sys_bpf to CAP_PERFMON
- Revert 'xhci: turn off port power in shutdown' as it causes some systems
to hang on shutdown.

For other upstream fixes in this update, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2022-2905
https://bugzilla.redhat.com/show_bug.cgi?id=2121800
https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel@iogearbox.net/
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-3028
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/
https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5
https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-3176
Debian Security Information: DSA-5257
https://www.debian.org/security/2022/dsa-5257
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=linux-5.4.y&id=fc78b2fc21f10c4c9c4d5d659a685710ffa63659
https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659
Common Vulnerability Exposure (CVE) ID: CVE-2022-39190
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6
https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b
https://lore.kernel.org/all/20220824220330.64283-12-pablo@netfilter.org/
https://twitter.com/pr0Ln
Common Vulnerability Exposure (CVE) ID: CVE-2022-42703
https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b
https://github.com/torvalds/linux/commit/2555283eb40df89945557273121e9393ef9b542b
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.