From 92235b606ee1a6f72fc16bcb4adb5e4a31eeb651 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 18 Jan 2022 22:16:16 +0100 Subject: Add initial draft for linux DSA for 5.10.92-1 update --- dsa-texts/5.10.92-1 | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 dsa-texts/5.10.92-1 diff --git a/dsa-texts/5.10.92-1 b/dsa-texts/5.10.92-1 new file mode 100644 index 00000000..e259d6df --- /dev/null +++ b/dsa-texts/5.10.92-1 
@@ -0,0 +1,75 @@ +Source: linux +CVE ID: CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222 +Debian Bug: 988044 996974 + +Several vulnerabilities have been discovered in the Linux kernel +that may lead to a privilege escalation, denial of service or +information leaks. + +CVE-2021-4155 + + Kirill Tkhai discovered a data leak flaw in the way the + XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for a size + increase of files with unaligned size. A local attacker can take + advantage of this flaw to leak data on the XFS filesystem. + +CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391) + + Juergen Gross reported that malicious PV backends can cause a + denial of service to guests being serviced by those backends via + high frequency events, even if those backends are running in a + less privileged environment. + +CVE-2021-28714, CVE-2021-28715 (XSA-392) + + Juergen Gross discovered that Xen Guests can force the Linux + netback driver to hog large amounts of kernel memory, resulting + in denial of service. + +CVE-2021-39685 + + Szymon Heidrich discovered a buffer overflow vulnerability in + the USB Gadget subsystem, resulting in information disclosure, + denial of service or privilege escalation. + +CVE-2021-45095 + + It was discovered that the Phone Network protocol (PhoNet) + driver has a reference count leak in the pep_sock_accept() + function. + +CVE-2021-45469 + + Wenqing Liu reported an out-of-bounds memory access + vulnerability in the f2fs implementation when an inode has an + invalid last xattr entry. An attacker able to mount a + specially crafted image can take advantage of this flaw for + denial of service. + +CVE-2021-45480 + + A memory leak flaw was discovered in the __rds_conn_create() + function in the RDS (Reliable Datagram Sockets) protocol + subsystem. 
+ +CVE-2022-0185 + + William Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis, + Hrvoje Misetic and Philip Papurt discovered a heap-based buffer + overflow flaw in the legacy_parse_param function in the + Filesystem Context functionality, allowing an local user (with + CAP_SYS_ADMIN capability in the current namespace) to escalate + privileges. + +CVE-2022-23222 + + 'tr3e' discovered that the BPF verifier does not properly + restrict several *_OR_NULL pointer types allowing these types to + do pointer arithmetic. A local user with the ability to call + bpf(), can take advantage of this flaw to excalate privileges. + Unprivileged calls to bpf() are disabled by default in Debian, + mitigating this flaw. + +For the stable distribution (bullseye), these problems have been fixed in +version 5.10.92-1. This version includes changes which were aimed to +land in the next Debian bullseye point release. -- cgit v1.2.3
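Review bot: the CVE-2021-45095 and CVE-2021-45480 entries describe the defect (a reference count leak in pep_sock_accept(), a memory leak in __rds_conn_create()) but state neither the impact nor who can trigger it, while every other entry in this text does. If the impact is known, add a closing clause in the same style as the other entries so readers can prioritise the update. Two wording fixes in the later entries: in CVE-2022-0185, "allowing an local user" should read "allowing a local user", and in CVE-2022-23222, "excalate privileges" should read "escalate privileges". In that same sentence the comma after "bpf()" separates the subject from its verb; "A local user with the ability to call bpf() can take advantage of this flaw" reads correctly. The closing paragraph says the version "includes changes which were aimed to land in the next Debian bullseye point release"; naming that point release would tell administrators how much non-security change to expect.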