Description: "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system." https://seclists.org/oss-sec/2022/q1/55
Fixed versions: >=5.15.16 >=5.10.93 >=5.4.173 Earlier branches not affected.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=693263a0b9dc61f1d7d025fe955ea6a925945e3f commit 693263a0b9dc61f1d7d025fe955ea6a925945e3f Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-01-20 18:22:27 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-01-20 18:22:27 +0000 sys-kernel/gentoo-sources: Auto-stabilize due to security issue Bug: https://bugs.gentoo.org/831606 See: https://wiki.gentoo.org/wiki/Project:Kernel#Kernel_stabilization Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 15 ------------ .../gentoo-sources/gentoo-sources-5.4.168.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.4.169.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.4.170.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.4.171.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.4.172.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.4.173.ebuild | 2 +- 7 files changed, 1 insertion(+), 156 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d25d4f3a21e942b0d939fef3d0d79d043986ef1 commit 2d25d4f3a21e942b0d939fef3d0d79d043986ef1 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-01-20 18:24:04 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-01-20 18:24:04 +0000 sys-kernel/gentoo-sources: Auto-stabilize 5.10.93 due to security issue Bug: https://bugs.gentoo.org/831606 See: https://wiki.gentoo.org/wiki/Project:Kernel#Kernel_stabilization Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 15 ------------ .../gentoo-sources/gentoo-sources-5.10.88.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.10.89.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.10.90.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.10.91.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.10.92.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.10.93.ebuild | 2 +- 7 files changed, 1 insertion(+), 156 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67928dc1c2fc3938981081325e97cf1ee459cb9f commit 67928dc1c2fc3938981081325e97cf1ee459cb9f Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-01-20 18:26:02 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-01-20 18:26:02 +0000 sys-kernel/gentoo-sources: Auto-stabilize 5.15.16 due to security issue Bug: https://bugs.gentoo.org/831606 See: https://wiki.gentoo.org/wiki/Project:Kernel#Kernel_stabilization Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 15 ------------ .../gentoo-sources/gentoo-sources-5.15.11.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.15.12.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.15.13.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.15.14.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.15.15.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.15.16.ebuild | 2 +- 7 files changed, 1 insertion(+), 156 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8ccda939720fd542e1c393d0819ee05a52f537 commit 3f8ccda939720fd542e1c393d0819ee05a52f537 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2022-01-23 09:11:25 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-01-23 09:13:44 +0000 sys-kernel/pf-sources: add 5.15.{14..16} patches for CAP_SYS_ADMIN Bug: https://bugs.gentoo.org/831606 Signed-off-by: Joonas Niilola <juippis@gentoo.org> sys-kernel/pf-sources/Manifest | 3 + sys-kernel/pf-sources/pf-sources-5.15_p6-r1.ebuild | 82 ++++++++++++++++++++++ 2 files changed, 85 insertions(+)
Stabled and cleaned up, all done.