VDB
GCVE-110-MAGEIA-2022-155
GCVE-110-MAGEIA-2022-155
Advisory Published
This kernel-linus update is based on upstream 5.15.35 and fixes at least the
following security issues:
A denial of service (DOS) issue was found in the Linux kernel
smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
File System (CIFS) due to an incorrect return from the memdup_user function.
This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the
system (CVE-2022-0168).
x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region
(CVE-2022-1158).
A use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow
attacker to crash linux kernel by simulating Amateur Radio from user-space
(CVE-2022-1198).
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25
protocol functionality in the way a user connects with the protocol. This
flaw allows a local user to crash the system (CVE-2022-1204).
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur
Radio AX.25 protocol functionality in the way a user connects with the
protocol. This flaw allows a local user to crash the system
(CVE-2022-1205).
A null pointer dereference was found in the kvm module which can lead to
denial of service (CVE-2022-1263).
A vulnerability was found in the pfkey_register function in net/key/af_key.c
in the Linux kernel. This flaw allows a local, unprivileged user to gain
access to kernel memory, leading to a system crash or a leak of internal
kernel information (CVE-2022-1353).
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28388).
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28389).
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28390).
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due
to a race condition in io_uring timeouts. This can be triggered by a local
user who has no access to any user namespace (CVE-2022-29582).
For other upstream fixes, see the referenced changelogs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libreoffice | 0 (affected), 7.4.3.2-1.mga8 (unaffected) | — |
| Mageia | kernel-linus | 0 (affected), 5.15.35-1.mga8 (unaffected), 0 (affected), 5.15.35-1.mga8 (unaffected) | — |
References
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.