
Debian: DSA-5480-1 Critical: Kernel Denial Of Service Risks

August 18, 2023
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2022-4269

William Zhao discovered that a flaw in the Traffic Control (TC)
subsystem when using a specific networking configuration
(redirecting egress packets to ingress using TC action "mirred"),
may allow a local unprivileged user to cause a denial of service
(triggering a CPU soft lockup).

CVE-2022-39189

Jann Horn discovered that TLB flush operations are mishandled in the
KVM subsystem in certain KVM_VCPU_PREEMPTED situations, which may
allow an unprivileged guest user to compromise the guest kernel.

CVE-2023-1206

It was discovered that the networking stack permits attackers to
force hash collisions in the IPv6 connection lookup table, which may
result in denial of service (significant increase in the cost of
lookups, increased CPU utilization).

CVE-2023-1380

Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi
driver. On systems using this driver, a local user could exploit
this to read sensitive information or to caus...


Severity: critical

Package: linux
CVE ID: CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380
