Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2021-4037
Christian Brauner reported that the inode_init_owner function for
the XFS filesystem in the Linux kernel allows local users to
create files with an unintended group ownership allowing attackers
to escalate privileges by making a plain file executable and SGID.
CVE-2022-0171
Mingwei Zhang reported that a cache incoherence issue in the SEV
API in the KVM subsystem may result in denial of service.
CVE-2022-1184
A flaw was discovered in the ext4 filesystem driver which can lead
to a use-after-free. A local user permitted to mount arbitrary
filesystems could exploit this to cause a denial of service (crash
or memory corruption) or possibly for privilege escalation.
CVE-2022-1679
The syzbot tool found a race condition in the ath9k_htc driver
which can lead to a use-after-free. This might be exploitable to
cause a denial of service (crash or memory corruption) or possibly
for privilege escalation.
CVE-2022-2153