diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2022-10-18 19:37:24 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-10-18 19:37:24 +0200 |
commit | d77d18d9baa075ada6f082779c27d9c02a5cd8bb (patch) | |
tree | 376542928333b7f78130d2d39f782d418473cbf9 /dsa-texts/5.10.149-1 | |
parent | 1a5833462207a9bd42651c5ab1f04911f40c08dd (diff) |
Move released version for bullseye-security update
Diffstat (limited to 'dsa-texts/5.10.149-1')
-rw-r--r-- | dsa-texts/5.10.149-1 | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/dsa-texts/5.10.149-1 b/dsa-texts/5.10.149-1 new file mode 100644 index 000000000..2310ff4d0 --- /dev/null +++ b/dsa-texts/5.10.149-1 @@ -0,0 +1,101 @@ +Package: linux +CVE ID: CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602 CVE-2022-20421 CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2021-4037 + + Christian Brauner reported the inode_init_owner function for the XFS + filesystem the Linux kernel allows local users to create files with + an unintended group ownership allowing attackers to escalate + privileges by making a plain file executable and SGID. + +CVE-2022-0171 + + Mingwei Zhang reported that a cache incoherence issue in the SEV API + in the KVM subsystem may result in denial of service. + +CVE-2022-1184 + + A flaw was discovered in the ext4 filesystem driver which can lead + to a use-after-free. A local user permitted to mount arbitrary + filesystems could exploit this to cause a denial of service (crash + or memory corruption) or possibly for privilege escalation. + +CVE-2022-2602 + + It was discovered that a race condition in the handling of + processing io_uring requests on a registered file and the Unix + socket Carbage Collection running may result in a use-after-free, + which may result in local privilege escalation. + +CVE-2022-20421 + + A use-after-free vulnerability was discovered in the + binder_inc_ref_for_node function in the Android binder driver. On + systems where the binder driver is loaded, a local user could + exploit this for privilege escalation. + +CVE-2022-2663 + + David Leadbeater reported flaws in the nf_conntrack_irc + connection-tracking protocol module. When this module is enabled + on a firewall, an external user on the same IRC network as an + internal user could exploit its lax parsing to open arbitrary TCP + ports in the firewall, to reveal their public IP address, or to + block their IRC connection at the firewall. + +CVE-2022-3061 + + A flaw was discovered in the i740 driver which may result in denial + of service. + + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-3176 + + A use-after-free flaw was discovered in the io_uring subsystem which + may result in local privilege escalation to root. + +CVE-2022-3303 + + A race condition in the snd_pcm_oss_sync function in the sound + subsystem in the Linux kernel due to improper locking may result in + denial of service. + +CVE-2022-39188 + + Jann Horn reported a race condition in the kernel's handling of + unmapping of certain memory ranges. When a driver created a + memory mapping with the VM_PFNMAP flag, which many GPU drivers do, + the memory mapping could be removed and freed before it was + flushed from the CPU TLBs. This could result in a page use-after- + free. A local user with access to such a device could exploit + this to cause a denial of service (crash or memory corruption) or + possibly for privilege escalation. + +CVE-2022-39842 + + An integer overflow was discovered in the pxa3xx-gcu video driver + which could lead to a heap out-of-bounds write. + + This driver is not enabled in Debian's official kernel + configurations. + +CVE-2022-40307 + + A race condition was discovered in the EFI capsule-loader driver, + which could lead to use-after-free. A local user permitted to + access this device (/dev/efi_capsule_loader) could exploit this to + cause a denial of service (crash or memory corruption) or possibly + for privilege escalation. However, this device is normally only + accessible by the root user. + +CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722 + + Soenke Huster discovered several vulnerabilities in the mac80211 + subsystem triggered by WLAN frames which may result in denial of + service or the execution or arbitrary code. |