Debian: DSA-5324-1: linux security update | LinuxSecurity.com

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5324-1                   [email protected]
https://www.debian.org/security/                     Salvatore Bonaccorso
January 23, 2023                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696
                 CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929
                 CVE-2023-0179 CVE-2023-0266 CVE-2023-0394 CVE-2023-23454
                 CVE-2023-23455

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2022-2873

    Zheyu Ma discovered that an out-of-bounds memory access flaw in the
    Intel iSMT SMBus 2.0 host controller driver may result in denial of
    service (system crash).

CVE-2022-3545

    It was discovered that the Netronome Flow Processor (NFP) driver
    contained a use-after-free flaw in area_cache_get(), which may
    result in denial of service or the execution of arbitrary code.

CVE-2022-3623

    A race condition when looking up a CONT-PTE/PMD size hugetlb page
    may result in denial of service or an information leak.

CVE-2022-4696

    A use-after-free vulnerability was discovered in the io_uring
    subsystem.

CVE-2022-36280

    An out-of-bounds memory write vulnerability was discovered in the
    vmwgfx driver, which may allow a local unprivileged user to cause a
    denial of service (system crash).

CVE-2022-41218

    Hyunwoo Kim reported a use-after-free flaw in the Media DVB core
    subsystem caused by refcount races, which may allow a local user to
    cause a denial of service or escalate privileges.

CVE-2022-45934

    An integer overflow in l2cap_config_req() in the Bluetooth subsystem
    was discovered, which may allow a physically proximate attacker to
    cause a denial of service (system crash).

CVE-2022-47929

    Frederick Lawler reported a NULL pointer dereference in the traffic
    control subsystem allowing an unprivileged user to cause a denial of
    service by setting up a specially crafted traffic control
    configuration.

CVE-2023-0179

    Davide Ornaghi discovered incorrect arithmetics when fetching VLAN
    header bits in the netfilter subsystem, allowing a local user to
    leak stack and heap addresses or potentially local privilege
    escalation to root.

CVE-2023-0266

    A use-after-free flaw in the sound subsystem due to missing locking
    may result in denial of service or privilege escalation.

CVE-2023-0394

    Kyle Zeng discovered a NULL pointer dereference flaw in
    rawv6_push_pending_frames() in the network subsystem allowing a
    local user to cause a denial of service (system crash).

CVE-2023-23454

    Kyle Zeng reported that the Class Based Queueing (CBQ) network
    scheduler was prone to denial of service due to interpreting
    classification results before checking the classification
    return code.

CVE-2023-23455

    Kyle Zeng reported that the ATM Virtual Circuits (ATM) network
    scheduler was prone to a denial of service due to interpreting
    classification results before checking the classification
    return code.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.162-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Debian: DSA-5324-1: linux security update

January 23, 2023
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

CVE-2022-2873

Zheyu Ma discovered that an out-of-bounds memory access flaw in the
Intel iSMT SMBus 2.0 host controller driver may result in denial of
service (system crash).

CVE-2022-3545

It was discovered that the Netronome Flow Processor (NFP) driver
contained a use-after-free flaw in area_cache_get(), which may
result in denial of service or the execution of arbitrary code.

CVE-2022-3623

A race condition when looking up a CONT-PTE/PMD size hugetlb page
may result in denial of service or an information leak.

CVE-2022-4696

A use-after-free vulnerability was discovered in the io_uring
subsystem.

CVE-2022-36280

An out-of-bounds memory write vulnerability was discovered in the
vmwgfx driver, which may allow a local unprivileged user to cause a
denial of service (system crash).

CVE-2022-41218

Hyunwoo Kim reported a use-after-free flaw in the Media DVB core
subsystem caused by refcount races, which may allow a local user to
cause a denial of service or escalate privileges.

CVE-2022-45934

An integer overflow in l2cap_config_req() in the Bluetooth subsystem
was discovered, which may allow a physically proximate attacker to
cause a denial of service (system crash).

CVE-2022-47929

Frederick Lawler reported a NULL pointer dereference in the traffic
control subsystem allowing an unprivileged user to cause a denial of
service by setting up a specially crafted traffic control
configuration.

CVE-2023-0179

Davide Ornaghi discovered incorrect arithmetics when fetching VLAN
header bits in the netfilter subsystem, allowing a local user to
leak stack and heap addresses or potentially local privilege
escalation to root.

CVE-2023-0266

A use-after-free flaw in the sound subsystem due to missing locking
may result in denial of service or privilege escalation.

CVE-2023-0394

Kyle Zeng discovered a NULL pointer dereference flaw in
rawv6_push_pending_frames() in the network subsystem allowing a
local user to cause a denial of service (system crash).

CVE-2023-23454

Kyle Zeng reported that the Class Based Queueing (CBQ) network
scheduler was prone to denial of service due to interpreting
classification results before checking the classification
return code.

CVE-2023-23455

Kyle Zeng reported that the ATM Virtual Circuits (ATM) network
scheduler was prone to a denial of service due to interpreting
classification results before checking the classification
return code.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.162-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Severity
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.