MGASA-2022-0478

This kernel-linus update is based on upstream 5.15.82 and fixes atleast the following security issues:

A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect (CVE-2022-3169).

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0) (CVE-2022-3344).

A vulnerability has been found in Linux Kernel function kcmtxwork of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition (CVE-2022-3521).

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system (CVE-2022-4139).

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-4378).

A race condition in the x86 KVM subsystem in the Linux kernel allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled (CVE-2022-45869).

For other upstream fixes in this update, see the referenced changelogs.