• [SECURITY] [DSA 5257-1] linux security update

    From Salvatore Bonaccorso@21:1/5 to All on Tue Oct 18 23:10:01 2022
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5257-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : linux
    CVE ID : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602
    CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303
    CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307
    CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721

    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information


    Christian Brauner reported that the inode_init_owner function for
    the XFS filesystem in the Linux kernel allows local users to create
    files with an unintended group ownership allowing attackers to
    escalate privileges by making a plain file executable and SGID.


    Mingwei Zhang reported that a cache incoherence issue in the SEV API
    in the KVM subsystem may result in denial of service.


    A flaw was discovered in the ext4 filesystem driver which can lead
    to a use-after-free. A local user permitted to mount arbitrary
    filesystems could exploit this to cause a denial of service (crash
    or memory corruption) or possibly for privilege escalation.


    A race between handling an io_uring request and the Unix socket
    garbage collector was discovered. An attacker can take advantage of
    this flaw for local privilege escalation.


    David Leadbeater reported flaws in the nf_conntrack_irc
    connection-tracking protocol module. When this module is enabled
    on a firewall, an external user on the same IRC network as an
    internal user could exploit its lax parsing to open arbitrary TCP
    ports in the firewall, to reveal their public IP address, or to
    block their IRC connection at the firewall.


    A flaw was discovered in the i740 driver which may result in denial
    of service.

    This driver is not enabled in Debian's official kernel


    A use-after-free flaw was discovered in the io_uring subsystem which
    may result in local privilege escalation to root.


    A race condition in the snd_pcm_oss_sync function in the sound
    subsystem in the Linux kernel due to improper locking may result in
    denial of service.


    A use-after-free vulnerability was discovered in the
    binder_inc_ref_for_node function in the Android binder driver. On
    systems where the binder driver is loaded, a local user could
    exploit this for privilege escalation.


    Jann Horn reported a race condition in the kernel's handling of
    unmapping of certain memory ranges. When a driver created a
    memory mapping with the VM_PFNMAP flag, which many GPU drivers do,
    the memory mapping could be removed and freed before it was
    flushed from the CPU TLBs. This could result in a page use-after-
    free. A local user with access to such a device could exploit
    this to cause a denial of service (crash or memory corruption) or
    possibly for privilege escalation.


    An integer overflow was discovered in the pxa3xx-gcu video driver
    which could lead to a heap out-of-bounds write.

    This driver is not enabled in Debian's official kernel


    A race condition was discovered in the EFI capsule-loader driver,
    which could lead to use-after-free. A local user permitted to
    access this device (/dev/efi_capsule_loader) could exploit this to
    cause a denial of service (crash or memory corruption) or possibly
    for privilege escalation. However, this device is normally only
    accessible by the root user.

    CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722

    Soenke Huster discovered several vulnerabilities in the mac80211
    subsystem triggered by WLAN frames which may result in denial of
    service or the execution or arbitrary code.

    For the stable distribution (bullseye), these problems have been fixed in version 5.10.149-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to its security
    tracker page at:

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNPFS5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q8oBAAh2sxVENkXNYsl1xX4jU6yCJ/vLuG8HklJE+cChdxFSwjrz5fE9Y36viE 4M08WedXuAuSRKT9pCvPvvv+YNdjUaTIMHHLxCbWmWPfPboz6GRqk0RFEKABZe1t M5W9CqEYgp9LRTPyOYFoOpMSnWQ1a3XyhLHSl2hUX9bw1GC5ovCKpUNoZ+FE0v90 v9uqM+8zdXmxe1tbAmjndCYzOoT9vaqqlU5OAaWQpqozRsa8Rv6/XiJ6mMVk8DUU QFLoGVqoIeWRc6CYSzzNeAVOX8v4vScILk/FW1HW/WfhrqCFBwEORo4jz/2o49HN 4h/HxGlWtj/yiCUvRMR6RkQGJJOEr9vQa8Boe9z5rLzCQAPDZplp9iSu1/sdSqtV C1wJNaTfB8di1vwEUAra/bHTty7rUwc0rPBTmKFxwnPW0IOyX4Nsb4lSsbSRtnHm +80T8+WFWT0CMKpwOkP4GzwlZ9h7MeAKHwZpyyHc+84IS4RKl0SDkaHY/aOQ9pYB vrl2CV+hSxw/YzpeF9w56LQ6YWzO27NmUid0nw+YFcSc0D35hvsFo+AsQ4Kkdc4p 94SkSq7zuhtdZDh1D5ZtBDfryxG2xWzgAEKcCyNTHW19iZO50K+YHzLbWzom9J6h hI8jM/zBEGvZD8EdM3Vc710+QF6Yie1zOLNDRxNj0Zfu+0k1uXo=
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)