Debian: DSA-5128-1 Urgent: Kernel Vulnerability and System Compromise

May 2, 2022
Enhance your platform's reliability by implementing Fedora's essential security patch tackling severe kernel vulnerabilities. Upgrade immediately!
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2021-4197

Eric Biederman reported that incorrect permission checks in the
cgroup process migration implementation can allow a local attacker
to escalate privileges.

CVE-2022-0168

A NULL pointer dereference flaw was found in the CIFS client
implementation which can allow a local attacker with CAP_SYS_ADMIN
privileges to crash the system. The security impact is negligible as
CAP_SYS_ADMIN inherently gives the ability to deny service.

CVE-2022-1016

David Bouman discovered a flaw in the netfilter subsystem where the
nft_do_chain function did not initialize register data that
nf_tables expressions can read from and write to. A local attacker
can take advantage of this to read sensitive information.

CVE-2022-1048

Hu Jiahui discovered a race condition in the sound subsystem that
can result in a use-after-free. A local user permitted to access a
PCM sound device can take advantage of this flaw to crash the
system or potentially for privilege esc...

Severity: critical

Package: linux
CVE ID: CVE-2021-4197, CVE-2022-0168, CVE-2022-1016, CVE-2022-1048
