
Debian: DSA-5161-1 Critical: Linux Kernel Escalation and DoS Threats

June 11, 2022
A range of security vulnerabilities in the Debian Linux kernel necessitate immediate patches to avert escalation risks and safeguard sensitive data.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2022-0494

scsi_ioctl() was susceptible to an information leak that is only
exploitable by users with the CAP_SYS_ADMIN or CAP_SYS_RAWIO
capabilities.

CVE-2022-0854

Ali Haider discovered a potential information leak in the DMA
subsystem. On systems where the swiotlb feature is needed, this
might allow a local user to read sensitive information.

CVE-2022-1012

The randomisation when calculating port offsets in the IP
implementation was enhanced.

CVE-2022-1729

Norbert Slusarek discovered a race condition in the perf subsystem
which could result in local privilege escalation to root. The
default settings in Debian prevent exploitation unless more
permissive settings have been applied in the
kernel.perf_event_paranoid sysctl.

CVE-2022-1786

Kyle Zeng discovered a use-after-free in the io_uring subsystem
which may result in local privilege escalation to root.

CVE-2022-1789 / CVE-2022-1852

Yongkang Jia, Gaoning Pan and Qiuhao Li discovered two NULL pointer
...


Severity: critical

Package: linux
CVE ID: CVE-2022-0494 CVE-2022-0854 CVE-2022-1012 CVE-2022-1729
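
For the CVE-2022-1729 entry above, a defender's check as an added example (not part of the advisory): it scans sysctl configuration files for lines that set kernel.perf_event_paranoid to a more permissive value than the Debian default. The default value of 3, the function names and the sample files are assumptions of this example and are not stated in the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): flag sysctl configuration that makes
# kernel.perf_event_paranoid more permissive than the Debian default.
# Assumption: the Debian default is 3; it is not stated in the advisory.
DEBIAN_DEFAULT=3

# audit_perf_paranoid FILE...
# Prints "FILE:VALUE" for each line that sets the key below the default.
# Handles '#'/';' comments, a leading '-', spaces around '=', and the
# slash-separated spelling kernel/perf_event_paranoid.
audit_perf_paranoid() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" -v min="$DEBIAN_DEFAULT" '
            /^[ \t]*[#;]/ { next }
            {
                line = $0
                sub(/^[ \t]*-?[ \t]*/, "", line)
                eq = index(line, "=")
                if (eq == 0) next
                key = substr(line, 1, eq - 1)
                val = substr(line, eq + 1)
                gsub(/[ \t]/, "", key); gsub("/", ".", key)
                gsub(/[ \t]/, "", val)
                if (key == "kernel.perf_event_paranoid" &&
                    val ~ /^-?[0-9]+$/ && val + 0 < min + 0)
                    printf "%s:%s\n", file, val
            }' "$f"
    done
}

# Constructed sample input (not taken from a real system).
make_sample() {
    d=$(mktemp -d) || return 1
    printf '# tuning\nkernel.perf_event_paranoid = 1\n' > "$d/10-perf.conf"
    printf '; hardened\n-kernel/perf_event_paranoid=3\n' > "$d/20-hard.conf"
    printf '#kernel.perf_event_paranoid=-1\nvm.swappiness=10\n' > "$d/30-misc.conf"
    echo "$d"
}

sample=$(make_sample)
audit_perf_paranoid "$sample"/*.conf
rm -rf "$sample"
# On a live host: audit_perf_paranoid /etc/sysctl.conf /etc/sysctl.d/*.conf
# and compare /proc/sys/kernel/perf_event_paranoid against DEBIAN_DEFAULT.
```

The audit flags every permissive assignment it finds and does not resolve which file wins when several set the key, so the running value in /proc/sys/kernel/perf_event_paranoid remains the final check.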
