Linux Kernel Security Update DSA 5324-1

      Keine Kommentare zu Linux Kernel Security Update DSA 5324-1
Logo debian

13 Sicherheitslücken wurden im Linux Kernel gefunden. Diese führen zum Teil zur Rechteausweitung und zum DoS (Denial of Service). Für Debian wurden die Lücken im Bullseye Kernel in Version 5.10.162-1 geschlossen.

Debian Kernel Security DSA 5324-1 Release Notes

CVE-2022-2873

Zheyu Ma discovered that an out-of-bounds memory access flaw in the Intel iSMT SMBus 2.0 host controller driver may result in denial of service (system crash).

CVE-2022-3545

It was discovered that the Netronome Flow Processor (NFP) driver contained a use-after-free flaw in area_cache_get(), which may result in denial of service or the execution of arbitrary code.

CVE-2022-3623

A race condition when looking up a CONT-PTE/PMD size hugetlb page may result in denial of service or an information leak.

CVE-2022-4696

A use-after-free vulnerability was discovered in the io_uring subsystem.

CVE-2022-36280

An out-of-bounds memory write vulnerability was discovered in the vmwgfx driver, which may allow a local unprivileged user to cause a denial of service (system crash).

CVE-2022-41218

Hyunwoo Kim reported a use-after-free flaw in the Media DVB core subsystem caused by refcount races, which may allow a local user to cause a denial of service or escalate privileges.

CVE-2022-45934

An integer overflow in l2cap_config_req() in the Bluetooth subsystem was discovered, which may allow a physically proximate attacker to cause a denial of service (system crash).

CVE-2022-47929

Frederick Lawler reported a NULL pointer dereference in the traffic control subsystem allowing an unprivileged user to cause a denial of service by setting up a specially crafted traffic control
configuration.

CVE-2023-0179

Davide Ornaghi discovered incorrect arithmetics when fetching VLAN header bits in the netfilter subsystem, allowing a local user to leak stack and heap addresses or potentially local privilege
escalation to root.

CVE-2023-0266

A use-after-free flaw in the sound subsystem due to missing locking may result in denial of service or privilege escalation.

CVE-2023-0394

Kyle Zeng discovered a NULL pointer dereference flaw in rawv6_push_pending_frames() in the network subsystem allowing a local user to cause a denial of service (system crash).

CVE-2023-23454

Kyle Zeng reported that the Class Based Queueing (CBQ) network scheduler was prone to denial of service due to interpreting classification results before checking the classification return code.

CVE-2023-23455

Kyle Zeng reported that the ATM Virtual Circuits (ATM) network scheduler was prone to a denial of service due to interpreting classification results before checking the classification return code.

Infos unter: https://security-tracker.debian.org/tracker/linux

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert