English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2022.0021
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2022-0021)
Summary:The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2022-0021 advisory.
Description:Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2022-0021 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.15.15 and fixes at least the
following security issues:

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS
filesystem allowed for size increase of files with unaligned size. A
local attacker could use this flaw to leak data on the XFS filesystem
otherwise not accessible to them (CVE-2021-4155).

An unprivileged write to the file handler flaw in the Linux kernel's
control groups and namespaces subsystem was found in the way users have
access to some less privileged process that are controlled by cgroups and
have higher privileged parent process. It is actually both for cgroup2
and cgroup1 versions of control groups. A local user could use this flaw
to crash the system or escalate their privileges on the system
(CVE-2021-4197).

Lack of proper validation of user-supplied eBPF programs prior to executing
them. An attacker can leverage this vulnerability to escalate privileges
and execute code in the context of the kernel (CVE-2021-4204).

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in
the Linux kernel through 5.15.11. This occurs because of a race condition
in tee_shm_get_from_id during an attempt to free a shared memory object
(CVE-2021-44733).

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8
has a refcount leak (CVE-2021-45095).

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8,
sometimes communicates in cleartext even though encryption has been enabled.
This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using
the SMB 3.1.1 protocol, which is a violation of the SMB protocol
specification. When Windows 10 detects this protocol violation, it disables
encryption (CVE-2021-45100).

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local
users to gain privileges because of the availability of pointer arithmetic
via certain *_OR_NULL pointer types (CVE-2022-23222).

In addition to the upstream changes, we also have changed the following:
- iwlwifi: mvm: check if SAR GEO is supported before sending command
- select: Fix indefinitely sleeping task in poll_schedule_timeout()
- ALSA: hda: Add AlderLake-N/P PCI ID
- enable NF_TABLES_INET, NFT_REJECT_INET and NFT_FIB_INET (mga#29852)
- disable CIFS_SMB_DIRECT on desktop kernels as it makes loading cifs
deps fail on some setups (mga#29784)
- disable unprivileged bpf by default to mitigate other potential security
issues with bpf

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-4155
https://access.redhat.com/security/cve/CVE-2021-4155
https://bugzilla.redhat.com/show_bug.cgi?id=2034813
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79
https://security-tracker.debian.org/tracker/CVE-2021-4155
https://www.openwall.com/lists/oss-security/2022/01/10/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-4197
https://security.netapp.com/advisory/ntap-20220602-0006/
Debian Security Information: DSA-5127 (Google Search)
https://www.debian.org/security/2022/dsa-5127
Debian Security Information: DSA-5173 (Google Search)
https://www.debian.org/security/2022/dsa-5173
https://bugzilla.redhat.com/show_bug.cgi?id=2035652
https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
https://www.oracle.com/security-alerts/cpujul2022.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-4204
https://access.redhat.com/security/cve/CVE-2021-4204
https://bugzilla.redhat.com/show_bug.cgi?id=2039178
https://security-tracker.debian.org/tracker/CVE-2021-4204
https://security.netapp.com/advisory/ntap-20221228-0003/
https://www.openwall.com/lists/oss-security/2022/01/11/4
Common Vulnerability Exposure (CVE) ID: CVE-2021-44733
Debian Security Information: DSA-5096 (Google Search)
https://www.debian.org/security/2022/dsa-5096
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c
https://github.com/pjlantz/optee-qemu/blob/main/README.md
https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander@linaro.org/
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-45095
Debian Security Information: DSA-5050 (Google Search)
https://www.debian.org/security/2022/dsa-5050
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bcd0f93353326954817a4f9fa55ec57fb38acbb0
https://github.com/torvalds/linux/commit/bcd0f93353326954817a4f9fa55ec57fb38acbb0
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-45100
https://github.com/cifsd-team/ksmbd/issues/550
https://github.com/cifsd-team/ksmbd/pull/551
https://marc.info/?l=linux-kernel&m=163961726017023&w=2
Common Vulnerability Exposure (CVE) ID: CVE-2022-23222
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCR3LIRUEXR7CA63W5M2HT3K63MZGKBR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5VTIZZUPC73IEJNZX66BY2YCBRZAELB/
https://bugzilla.suse.com/show_bug.cgi?id=1194765
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=64620e0a1e712a778095bd35cbb277dc2259281f
https://www.openwall.com/lists/oss-security/2022/01/13/1
http://www.openwall.com/lists/oss-security/2022/01/14/1
http://www.openwall.com/lists/oss-security/2022/01/18/2
http://www.openwall.com/lists/oss-security/2022/06/01/1
http://www.openwall.com/lists/oss-security/2022/06/04/3
http://www.openwall.com/lists/oss-security/2022/06/07/3
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.