|
|
Subscribe / Log in / New account

Mageia alert MGASA-2022-0242 (kernel)



From:
              Mageia Updates <buildsystem-daemon@mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2022-0242: Updated kernel packages fix security vulnerabilities


Date:
              Wed, 29 Jun 2022 18:19:10 +0200


Message-ID:
              <20220629161910.D7B909F9B0@duvel.mageia.org>


Archive-link:
              Article


MGASA-2022-0242 - Updated kernel packages fix security vulnerabilities

Publication date: 29 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0242.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-21123,
     CVE-2022-21125,
     CVE-2022-21127,
     CVE-2022-21166

Description:
This kernel update is based on upstream 5.15.50 and fixes at least the
following security issues:

Incomplete cleanup of multi-core shared buffers for some Intel Processors
may allow an authenticated user to potentially enable information disclosure
via local access (CVE-2022-21123).

Incomplete cleanup of microarchitectural fill buffers on some Intel
Processors may allow an authenticated user to potentially enable information
disclosure via local access (CVE-2022-21125).

Incomplete cleanup in specific special register read operations for some
Intel Processors may allow an authenticated user to potentially enable
information disclosure via local access (CVE-2022-21127, CVE-2022-21166).

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30563
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5....
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5....
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5....
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5....
- https://www.intel.com/content/www/us/en/security-center/a...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...

SRPMS:
- 8/core/kernel-5.15.50-1.mga8
- 8/core/kmod-virtualbox-6.1.34-1.20.mga8
- 8/core/kmod-xtables-addons-3.20-1.20.mga8
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds