
Debian: DLA-3065-1 Moderate: Linux Kernel Privilege Escalation and Leaks

July 1, 2022
Multiple security flaws addressed in Debian LTS Advisory DLA-3065-2, enhancing system defenses against privilege escalations and data leaks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

This update is unfortunately not available for the armel architecture.

CVE-2018-1108

It was discovered that the random driver could generate random
bytes through /dev/random and the getrandom() system call before
gathering enough entropy that these would be unpredictable. This
could compromise the confidentiality and integrity of encrypted
communications.

The original fix for this issue had to be reverted because it
caused the boot process to hang on many systems. In this version,
the random driver has been updated, making it more effective in
gathering entropy without needing a hardware RNG.

CVE-2021-4149

Hao Sun reported a flaw in the Btrfs filesystem driver. There
is a potential lock imbalance in an error path. A local user
might be able to exploit this for denial of service.

CVE-2021-39713

The syzbot tool found a race condition in the network scheduling
subsystem which could lead to a use-after-free. A local user



Severity: important

Package: linux
Version: 4.9.320-2
CVE ID: CVE-2018-1108 CVE-2021-4149 CVE-2021-39713 CVE-2022-0494
Debian Bug: 922204
