
Debian 10 Buster DLA-3131-1 Critical: Linux Kernel Privilege Escalation

Debian LTS
October 2, 2022
Significant Debian LTS security patch tackles various kernel vulnerabilities impacting user rights, service integrity, and data confidentiality.
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.

Summary

CVE-2021-4159

A flaw was found in the eBPF verifier which could lead to an
out-of-bounds read. If unprivileged use of eBPF is enabled, this
could leak sensitive information. Unprivileged use of eBPF was
already disabled by default, which would fully mitigate the
vulnerability.

CVE-2021-33655

A user with access to a framebuffer console device could cause a
memory out-of-bounds write via the FBIOPUT_VSCREENINFO ioctl.

CVE-2021-33656

A user with access to a framebuffer console device could cause a
memory out-of-bounds write via some font setting ioctls. These
obsolete ioctls have been removed.

CVE-2022-1462

一只狗 reported a race condition in the pty (pseudo-terminal)
subsystem that can lead to a slab out-of-bounds write. A local
user could exploit this to cause a denial of service (crash or
memory corruption) or possibly for privilege escalation.

CVE-2022-1679

The syzbot tool found a race condition in the ath9k_htc driver


Severity: critical

-------------------------------------------------------------------------
Package: linux
Version: 4.19.260-1
CVE ID: CVE-2021-4159 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462
Debian Bug: 1018752
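
Added example, not part of the advisory: a triage script that compares the running kernel against the fixed version 4.19.260-1 listed above and reports whether unprivileged eBPF, the precondition named in the summary, is enabled. It assumes the standard `kernel.unprivileged_bpf_disabled` sysctl and Debian's `uname -v` format; the function names are illustrative.

```sh
#!/bin/sh
# Added example: triage a buster host against DLA-3131-1 (linux 4.19.260-1).
FIXED="4.19.260-1"   # fixed package version, taken from the advisory

# Extract the Debian package version from `uname -v` output, e.g.
# "#1 SMP Debian 4.19.260-1 (2022-09-29)" -> "4.19.260-1".
deb_kernel_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([0-9][^ ]*\).*/\1/p'
}

# True when version $1 >= $2. Uses dpkg when present; otherwise falls back
# to GNU `sort -V`, which only approximates Debian version ordering.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Classify the running kernel: patched / unpatched / unknown.
kernel_state() {
    ver=$(deb_kernel_version "$1")
    if [ -z "$ver" ]; then echo unknown
    elif version_ge "$ver" "$FIXED"; then echo patched
    else echo unpatched
    fi
}

# Classify kernel.unprivileged_bpf_disabled: 0 leaves unprivileged eBPF on,
# any other number turns it off; empty means the sysctl was not readable
# (for example, a kernel built without the bpf() syscall).
bpf_state() {
    case "$1" in
        0) echo unprivileged-ebpf-enabled ;;
        [1-9]*) echo unprivileged-ebpf-disabled ;;
        *) echo bpf-sysctl-absent ;;
    esac
}

# $1 = `uname -v` string, $2 = sysctl value; prints a one-line verdict.
triage() {
    echo "kernel=$(kernel_state "$1") ebpf=$(bpf_state "$2")"
}

# Live check on this host.
triage "$(uname -v)" "$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null)"
```

The script reads the running kernel rather than the installed package, so a host that was upgraded but not rebooted still reports as unpatched.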
