Source: linux
CVE ID: CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222
Debian Bug: 988044 996974

Several vulnerabilities have been discovered in the Linux kernel
that may lead to a privilege escalation, denial of service or
information leaks.

CVE-2021-4155

        Kirill Tkhai discovered a data leak in the way the
        XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for a size
        increase of files with unaligned size. A local attacker can take
        advantage of this flaw to leak data on the XFS filesystem.

CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)

        Juergen Gross reported that malicious PV backends can cause a
        denial of service to guests being serviced by those backends via
        high frequency events, even if those backends are running in a
        less privileged environment.
        
CVE-2021-28714, CVE-2021-28715 (XSA-392)

        Juergen Gross discovered that Xen guests can force the Linux
        netback driver to hog large amounts of kernel memory, resulting
        in denial of service.

CVE-2021-39685

        Szymon Heidrich discovered a buffer overflow vulnerability in
        the USB gadget subsystem, resulting in information disclosure,
        denial of service or privilege escalation.

CVE-2021-45095

        It was discovered that the Phone Network protocol (PhoNet)
        driver has a reference count leak in the pep_sock_accept()
        function.

CVE-2021-45469

        Wenqing Liu reported an out-of-bounds memory access
        in the f2fs implementation if an inode has an
        invalid last xattr entry. An attacker able to mount a
        specially crafted image can take advantage of this flaw for
        denial of service.

CVE-2021-45480

        A memory leak flaw was discovered in the __rds_conn_create()
        function in the RDS (Reliable Datagram Sockets) protocol
        subsystem.

CVE-2022-0185

        William Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis,
        Hrvoje Misetic and Philip Papurt discovered a heap-based buffer
        overflow flaw in the legacy_parse_param function in the
        Filesystem Context functionality, allowing a local user (with
        CAP_SYS_ADMIN capability in the current namespace) to escalate
        privileges.
        
CVE-2022-23222

        'tr3e' discovered that the BPF verifier does not properly
        restrict several *_OR_NULL pointer types, allowing pointer
        arithmetic on these types. A local user with the ability to
        call bpf() can take advantage of this flaw to escalate
        privileges. Unprivileged calls to bpf() are disabled by default
        in Debian, mitigating this flaw.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.92-1. This version includes changes which were aimed to
land in the next Debian bullseye point release.
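
One way to check a host against this advisory, as an added example that
is not part of the original DSA text: it compares the running kernel's
Debian package version (parsed from uname -v) with the fixed version
5.10.92-1 and reads the kernel.unprivileged_bpf_disabled sysctl behind
the CVE-2022-23222 mitigation. The function names are hypothetical and
the uname string in the comment is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the advisory. FIXED is the version named in the text.
FIXED="5.10.92-1"

# Extract the Debian package version from `uname -v` output, e.g.
# "#1 SMP Debian 5.10.84-1 (2021-12-08)" (constructed sample) -> 5.10.84-1
kernel_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\).*/\1/p'
}

# Succeed if version $1 >= version $2. Uses dpkg when present; the
# sort -V fallback is an approximation of Debian version ordering.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# Map kernel.unprivileged_bpf_disabled to a state:
# 0 = unprivileged bpf() allowed, 1 or 2 = unprivileged bpf() disabled.
bpf_unpriv_state() {
    case "$1" in
        0)   echo "enabled" ;;
        1|2) echo "disabled" ;;
        *)   echo "unknown" ;;
    esac
}

# $1 = `uname -v` string, $2 = sysctl value; prints a one-line verdict.
report() {
    ver=$(kernel_pkg_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown: not a Debian kernel version string"
    elif version_ge "$ver" "$FIXED"; then
        echo "fixed: $ver >= $FIXED"
    elif [ "$(bpf_unpriv_state "$2")" = "disabled" ]; then
        echo "vulnerable: $ver < $FIXED (CVE-2022-23222 mitigated by sysctl)"
    else
        echo "vulnerable: $ver < $FIXED (unprivileged bpf() state: $(bpf_unpriv_state "$2"))"
    fi
}

# Live check on the current host.
SYSCTL=/proc/sys/kernel/unprivileged_bpf_disabled
report "$(uname -v)" "$(cat "$SYSCTL" 2>/dev/null || echo unknown)"
```

The sysctl only covers CVE-2022-23222; the other issues listed above
are addressed by the upgrade to the fixed version.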
