{"id":"MGASA-2022-0478","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 5.15.82 and fixes atleast the\nfollowing security issues:\n\nA flaw was found in the Linux kernel. A denial of service flaw may occur\nif there is a consecutive request of the NVME_IOCTL_RESET and the\nNVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting\nin a PCIe link disconnect (CVE-2022-3169).\n\nA flaw was found in the KVM's AMD nested virtualization (SVM). A malicious\nL1 guest could purposely fail to intercept the shutdown of a cooperative\nnested guest (L2), possibly leading to a page fault and kernel panic in\nthe host (L0) (CVE-2022-3344).\n\nA vulnerability has been found in Linux Kernel function kcm_tx_work of the\nfile net/kcm/kcmsock.c of the component kcm. The manipulation leads to race\ncondition (CVE-2022-3521).\n\nAn incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel\ndriver, potentially leading to random memory corruption or data leaks. This\nflaw could allow a local user to crash the system or escalate their\nprivileges on the system (CVE-2022-4139).\n\nA stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in\nhow a user changes certain kernel parameters and variables. This flaw\nallows a local user to crash or potentially escalate their privileges on the\nsystem (CVE-2022-4378).\n\nA race condition in the x86 KVM subsystem in the Linux kernel allows guest\nOS users to cause a denial of service (host OS crash or host OS memory\ncorruption) when nested virtualisation and the TDP MMU are enabled\n(CVE-2022-45869).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T04:43:53.975381569Z","published":"2022-12-17T23:55:57Z","upstream":["CVE-2022-3169","CVE-2022-3344","CVE-2022-3521","CVE-2022-3643","CVE-2022-4139","CVE-2022-4378","CVE-2022-45869"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0478.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31261"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.80"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.81"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.82"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.82-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0478.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}