[gull] Fwd: [SECURITY] [DSA 5257-1] linux security update

Concombre Masqué phil at gnou.ch
Wed Oct 19 08:23:51 CEST 2022 

Suffisamment importante pour justifier un fwd. à la liste du GULL.

> Début du message réexpédié :
> 
> De: Salvatore Bonaccorso <carnil at debian.org>
> Objet: [SECURITY] [DSA 5257-1] linux security update
> Date: 18 octobre 2022 à 23:06:43 UTC+2
> À: debian-security-announce at lists.debian.org
> Renvoyé-De: debian-security-announce at lists.debian.org
> Répondre à: debian-security-announce-request at lists.debian.org
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-5257-1                   security at debian.org
> https://www.debian.org/security/                     Salvatore Bonaccorso
> October 18, 2022                      https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : linux
> CVE ID         : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602
>                 CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303
>                 CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307
>                 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
>                 CVE-2022-42722
> 
> Several vulnerabilities have been discovered in the Linux kernel that
> may lead to a privilege escalation, denial of service or information
> leaks.
> 
> CVE-2021-4037
> 
>    Christian Brauner reported that the inode_init_owner function for
>    the XFS filesystem in the Linux kernel allows local users to create
>    files with an unintended group ownership allowing attackers to
>    escalate privileges by making a plain file executable and SGID.
> 
> CVE-2022-0171
> 
>    Mingwei Zhang reported that a cache incoherence issue in the SEV API
>    in the KVM subsystem may result in denial of service.
> 
> CVE-2022-1184
> 
>    A flaw was discovered in the ext4 filesystem driver which can lead
>    to a use-after-free. A local user permitted to mount arbitrary
>    filesystems could exploit this to cause a denial of service (crash
>    or memory corruption) or possibly for privilege escalation.
> 
> CVE-2022-2602
> 
>    A race between handling an io_uring request and the Unix socket
>    garbage collector was discovered. An attacker can take advantage of
>    this flaw for local privilege escalation.
> 
> CVE-2022-2663
> 
>    David Leadbeater reported flaws in the nf_conntrack_irc
>    connection-tracking protocol module.  When this module is enabled
>    on a firewall, an external user on the same IRC network as an
>    internal user could exploit its lax parsing to open arbitrary TCP
>    ports in the firewall, to reveal their public IP address, or to
>    block their IRC connection at the firewall.
> 
> CVE-2022-3061
> 
>    A flaw was discovered in the i740 driver which may result in denial
>    of service.
> 
>    This driver is not enabled in Debian's official kernel
>    configurations.
> 
> CVE-2022-3176
> 
>    A use-after-free flaw was discovered in the io_uring subsystem which
>    may result in local privilege escalation to root.
> 
> CVE-2022-3303
> 
>    A race condition in the snd_pcm_oss_sync function in the sound
>    subsystem in the Linux kernel due to improper locking may result in
>    denial of service.
> 
> CVE-2022-20421
> 
>    A use-after-free vulnerability was discovered in the
>    binder_inc_ref_for_node function in the Android binder driver. On
>    systems where the binder driver is loaded, a local user could
>    exploit this for privilege escalation.
> 
> CVE-2022-39188
> 
>    Jann Horn reported a race condition in the kernel's handling of
>    unmapping of certain memory ranges.  When a driver created a
>    memory mapping with the VM_PFNMAP flag, which many GPU drivers do,
>    the memory mapping could be removed and freed before it was
>    flushed from the CPU TLBs.  This could result in a page use-after-
>    free.  A local user with access to such a device could exploit
>    this to cause a denial of service (crash or memory corruption) or
>    possibly for privilege escalation.
> 
> CVE-2022-39842
> 
>    An integer overflow was discovered in the pxa3xx-gcu video driver
>    which could lead to a heap out-of-bounds write.
> 
>    This driver is not enabled in Debian's official kernel
>    configurations.
> 
> CVE-2022-40307
> 
>    A race condition was discovered in the EFI capsule-loader driver,
>    which could lead to use-after-free.  A local user permitted to
>    access this device (/dev/efi_capsule_loader) could exploit this to
>    cause a denial of service (crash or memory corruption) or possibly
>    for privilege escalation.  However, this device is normally only
>    accessible by the root user.
> 
> CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
> 
>    Soenke Huster discovered several vulnerabilities in the mac80211
>    subsystem triggered by WLAN frames which may result in denial of
>    service or the execution or arbitrary code.
> 
> For the stable distribution (bullseye), these problems have been fixed in
> version 5.10.149-1.
> 
> We recommend that you upgrade your linux packages.
> 
> For the detailed security status of linux please refer to its security
> tracker page at:
> https://security-tracker.debian.org/tracker/linux
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce at lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> 
> iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNPFS5fFIAAAAAALgAo
> aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
> NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
> z0Q8oBAAh2sxVENkXNYsl1xX4jU6yCJ/vLuG8HklJE+cChdxFSwjrz5fE9Y36viE
> 4M08WedXuAuSRKT9pCvPvvv+YNdjUaTIMHHLxCbWmWPfPboz6GRqk0RFEKABZe1t
> M5W9CqEYgp9LRTPyOYFoOpMSnWQ1a3XyhLHSl2hUX9bw1GC5ovCKpUNoZ+FE0v90
> v9uqM+8zdXmxe1tbAmjndCYzOoT9vaqqlU5OAaWQpqozRsa8Rv6/XiJ6mMVk8DUU
> QFLoGVqoIeWRc6CYSzzNeAVOX8v4vScILk/FW1HW/WfhrqCFBwEORo4jz/2o49HN
> 4h/HxGlWtj/yiCUvRMR6RkQGJJOEr9vQa8Boe9z5rLzCQAPDZplp9iSu1/sdSqtV
> C1wJNaTfB8di1vwEUAra/bHTty7rUwc0rPBTmKFxwnPW0IOyX4Nsb4lSsbSRtnHm
> +80T8+WFWT0CMKpwOkP4GzwlZ9h7MeAKHwZpyyHc+84IS4RKl0SDkaHY/aOQ9pYB
> vrl2CV+hSxw/YzpeF9w56LQ6YWzO27NmUid0nw+YFcSc0D35hvsFo+AsQ4Kkdc4p
> 94SkSq7zuhtdZDh1D5ZtBDfryxG2xWzgAEKcCyNTHW19iZO50K+YHzLbWzom9J6h
> hI8jM/zBEGvZD8EdM3Vc710+QF6Yie1zOLNDRxNj0Zfu+0k1uXo=
> =gJNm
> -----END PGP SIGNATURE-----
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://forum.linux-gull.ch/pipermail/gull/attachments/20221019/760d4893/attachment.html>

More information about the gull mailing list