[gull] Fwd: [SECURITY] [DSA 5257-1] linux security update
Concombre Masqué
phil at gnou.ch
Wed Oct 19 08:23:51 CEST 2022
Important enough to justify a fwd. to the GULL list.
> Begin forwarded message:
>
> From: Salvatore Bonaccorso <carnil at debian.org>
> Subject: [SECURITY] [DSA 5257-1] linux security update
> Date: October 18, 2022 at 23:06:43 UTC+2
> To: debian-security-announce at lists.debian.org
> Resent-From: debian-security-announce at lists.debian.org
> Reply-To: debian-security-announce-request at lists.debian.org
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-5257-1 security at debian.org
> https://www.debian.org/security/ Salvatore Bonaccorso
> October 18, 2022 https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : linux
> CVE ID : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602
> CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303
> CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307
> CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
> CVE-2022-42722
>
> Several vulnerabilities have been discovered in the Linux kernel that
> may lead to a privilege escalation, denial of service or information
> leaks.
>
> CVE-2021-4037
>
> Christian Brauner reported that the inode_init_owner function for
> the XFS filesystem in the Linux kernel allows local users to create
> files with an unintended group ownership allowing attackers to
> escalate privileges by making a plain file executable and SGID.
>
> CVE-2022-0171
>
> Mingwei Zhang reported that a cache incoherence issue in the SEV API
> in the KVM subsystem may result in denial of service.
>
> CVE-2022-1184
>
> A flaw was discovered in the ext4 filesystem driver which can lead
> to a use-after-free. A local user permitted to mount arbitrary
> filesystems could exploit this to cause a denial of service (crash
> or memory corruption) or possibly for privilege escalation.
>
> CVE-2022-2602
>
> A race between handling an io_uring request and the Unix socket
> garbage collector was discovered. An attacker can take advantage of
> this flaw for local privilege escalation.
>
> CVE-2022-2663
>
> David Leadbeater reported flaws in the nf_conntrack_irc
> connection-tracking protocol module. When this module is enabled
> on a firewall, an external user on the same IRC network as an
> internal user could exploit its lax parsing to open arbitrary TCP
> ports in the firewall, to reveal their public IP address, or to
> block their IRC connection at the firewall.
>
> CVE-2022-3061
>
> A flaw was discovered in the i740 driver which may result in denial
> of service.
>
> This driver is not enabled in Debian's official kernel
> configurations.
>
> CVE-2022-3176
>
> A use-after-free flaw was discovered in the io_uring subsystem which
> may result in local privilege escalation to root.
>
> CVE-2022-3303
>
> A race condition in the snd_pcm_oss_sync function in the sound
> subsystem in the Linux kernel due to improper locking may result in
> denial of service.
>
> CVE-2022-20421
>
> A use-after-free vulnerability was discovered in the
> binder_inc_ref_for_node function in the Android binder driver. On
> systems where the binder driver is loaded, a local user could
> exploit this for privilege escalation.
>
> CVE-2022-39188
>
> Jann Horn reported a race condition in the kernel's handling of
> unmapping of certain memory ranges. When a driver created a
> memory mapping with the VM_PFNMAP flag, which many GPU drivers do,
> the memory mapping could be removed and freed before it was
> flushed from the CPU TLBs. This could result in a page use-after-
> free. A local user with access to such a device could exploit
> this to cause a denial of service (crash or memory corruption) or
> possibly for privilege escalation.
>
> CVE-2022-39842
>
> An integer overflow was discovered in the pxa3xx-gcu video driver
> which could lead to a heap out-of-bounds write.
>
> This driver is not enabled in Debian's official kernel
> configurations.
>
> CVE-2022-40307
>
> A race condition was discovered in the EFI capsule-loader driver,
> which could lead to use-after-free. A local user permitted to
> access this device (/dev/efi_capsule_loader) could exploit this to
> cause a denial of service (crash or memory corruption) or possibly
> for privilege escalation. However, this device is normally only
> accessible by the root user.
>
> CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
>
> Soenke Huster discovered several vulnerabilities in the mac80211
> subsystem triggered by WLAN frames which may result in denial of
> service or the execution of arbitrary code.
>
> For the stable distribution (bullseye), these problems have been fixed in
> version 5.10.149-1.
>
> We recommend that you upgrade your linux packages.
>
> For the detailed security status of linux please refer to its security
> tracker page at:
> https://security-tracker.debian.org/tracker/linux
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce at lists.debian.org
>