Fedora Linux 8644 Published by

A kernel security update has been released for Fedora 36.

SECURITY: Fedora 36 Update: kernel-5.19.15-201.fc36

Fedora Update Notification
2022-10-14 12:57:09.362809

Name : kernel
Product : Fedora 36
Version : 5.19.15
Release : 201.fc36
URL :   https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

Update Information:

The 101/201/301 builds of the 5.19.15 kernel contain fixes for some wireless
network vulnerabilities and a couple of important arm bug fixes. ---- The
5.19.15 stable kernel update contains a number of important fixes across the

* Thu Oct 13 2022 Justin M. Forbes [5.19.15-1]
- Bump for build (Justin M. Forbes)
- mctp: prevent double key removal and unref (Jeremy Kerr)
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (Johannes Berg)
- wifi: mac80211: fix crash in beacon protection for P2P-device (Johannes Berg)
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (Johannes Berg)
- wifi: cfg80211: avoid nontransmitted BSS list corruption (Johannes Berg)
- wifi: cfg80211: fix BSS refcounting bugs (Johannes Berg)
- wifi: cfg80211: ensure length byte is present before access (Johannes Berg)
- wifi: mac80211: fix MBSSID parsing use-after-free (Johannes Berg)
- wifi: cfg80211/mac80211: reject bad MBSSID elements (Johannes Berg)
- wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (Johannes Berg)
- drm/vc4: hdmi: Check the HSM rate at runtime_resume (Maxime Ripard)
- drm/vc4: hdmi: Enforce the minimum rate at runtime_resume (Maxime Ripard)
- phy: rockchip-inno-usb2: Return zero after otg sync (Peter Geis)
* Wed Oct 12 2022 Justin M. Forbes [5.19.15-0]
- scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds)
- ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (David Ahern)
- Linux v5.19.15

[ 1 ] Bug #2128462 - CVE-2022-40768 kernel: leak of sensitive information due to uninitialized data in stex_queuecommand_lck() in drivers/scsi/stex.c
[ 2 ] Bug #2133490 - CVE-2022-3435 kernel: an out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c
[ 3 ] Bug #2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans()
[ 4 ] Bug #2134440 - CVE-2022-42719 kernel: A use-after-free problem observed in multi-BSSID element when parsing
[ 5 ] Bug #2134451 - CVE-2022-42720 kernel: A use-after-free problem was observed in bss_ref_get in net/wireless/scan.c
[ 6 ] Bug #2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
[ 7 ] Bug #2134517 - CVE-2022-42722 Kernel: Denial of service in beacon protection for P2P-device

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-2cfbe17910' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at