Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Debian DSA-5402-1 Critical: Kernel Privilege Escalation and DoS

debian
Calendar Grey May 13, 2023
Debian Logo
Multiple weaknesses within the Linux kernel may result in elevated privileges, service interruptions, or unauthorized data disclosures.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

CVE-2023-0386

It was discovered that under certain conditions the overlayfs
filesystem implementation did not properly handle copy up
operations. A local user permitted to mount overlay mounts in user
namespaces can take advantage of this flaw for local privilege
escalation.

CVE-2023-31436

Gwangun Jung reported a a flaw causing heap out-of-bounds read/write
errors in the traffic control subsystem for the Quick Fair Queueing
scheduler (QFQ) which may result in information leak, denial of
service or privilege escalation.

CVE-2023-32233

Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in
the Netfilter nf_tables implementation when processing batch
requests, which may result in local privilege escalation for a user
with the CAP_NET_ADMIN capability in any user or network namespace.

For the stable distribution (bullseye), these problems have been fixed in
version 5.10.179-1.

We recommend that you upgrade your linux packages.

For the detail...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: linux
CVE ID: CVE-2023-0386 CVE-2023-31436 CVE-2023-32233

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.