
Debian DSA-5257-1 Critical: Kernel Flaws Require Immediate Action

October 18, 2022
Ubuntu Security Notice USN-4512-1 outlines several vulnerabilities in the kernel necessitating urgent patches to mitigate exploitation threats.
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.

Summary

CVE-2021-4037

Christian Brauner reported that the inode_init_owner function for
the XFS filesystem in the Linux kernel allows local users to create
files with an unintended group ownership allowing attackers to
escalate privileges by making a plain file executable and SGID.
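
The outcome described for CVE-2021-4037 leaves a recognisable artifact on disk: a regular file that is group-executable and SGID, with a group its owner does not belong to. The following audit script is an added example, not part of the advisory or of Debian's tooling; the function names, the ownership heuristic and the decision to skip root-owned files are assumptions made for illustration.

```python
import os
import pwd
import stat
import sys

def is_suspect_sgid(mode, file_gid, owner_gids):
    """True for a regular file that is group-executable and SGID while its
    group is one the owner is not a member of (heuristic, see lead-in)."""
    return (stat.S_ISREG(mode)
            and bool(mode & stat.S_ISGID)
            and bool(mode & stat.S_IXGRP)   # SGID without g+x is not an SGID executable
            and file_gid not in owner_gids)

def owner_groups(uid, cache):
    """Primary and supplementary gids of uid; empty set if the uid is unknown."""
    if uid not in cache:
        try:
            pw = pwd.getpwuid(uid)
            cache[uid] = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
        except KeyError:
            cache[uid] = set()
    return cache[uid]

def audit(root):
    """Walk root without following symlinks and return the suspect paths."""
    cache, hits = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable
            if st.st_uid == 0:
                continue  # assumption: root-owned SGID binaries come from packages
            if is_suspect_sgid(st.st_mode, st.st_gid,
                               owner_groups(st.st_uid, cache)):
                hits.append(path)
    return hits

if __name__ == "__main__":
    for hit in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it against shared, group-writable trees on XFS volumes before and after installing the fixed kernel; any hit is a file to review, not proof of exploitation.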

CVE-2022-0171

Mingwei Zhang reported that a cache incoherence issue in the SEV API
in the KVM subsystem may result in denial of service.

CVE-2022-1184

A flaw was discovered in the ext4 filesystem driver which can lead
to a use-after-free. A local user permitted to mount arbitrary
filesystems could exploit this to cause a denial of service (crash
or memory corruption) or possibly for privilege escalation.

CVE-2022-2602

A race between handling an io_uring request and the Unix socket
garbage collector was discovered. An attacker can take advantage of
this flaw for local privilege escalation.

CVE-2022-2663

David Leadbeater reported flaws in the nf_conntrack_irc
connection-trac...


Severity: critical

Package: linux
CVE ID: CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602
