Debian 10: DLA-3244-1 Moderate: Linux 5.10 Privilege Escalation Advisory

Debian LTS
December 22, 2022
Apply the new patches to the Debian LTS Linux kernel to fix various vulnerabilities, including privilege escalation, denial of service, and information leaks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leaks.

Summary

CVE-2021-3759

It was discovered that the memory cgroup controller did not
account for kernel memory allocated for IPC objects. A local user
could use this for denial of service (memory exhaustion).

CVE-2022-3169

It was discovered that the NVMe host driver did not prevent a
concurrent reset and subsystem reset. A local user with access to
an NVMe device could use this to cause a denial of service (device
disconnect or crash).

CVE-2022-3435

Gwangun Jung reported a flaw in the IPv4 forwarding subsystem
which would lead to an out-of-bounds read. A local user with
CAP_NET_ADMIN capability in any user namespace could possibly
exploit this to cause a denial of service (crash).

CVE-2022-3521

The syzbot tool found a race condition in the KCM subsystem
which could lead to a crash.

This subsystem is not enabled in Debian's official kernel
configurations.

CVE-2022-3524

The syzbot tool found a race condition in the IPv6 stack which

Read the Full Advisory


Severity
important

-------------------------------------------------------------------------
Package: linux-5.10
Version: 5.10.158-2~deb10u1
CVE ID: CVE-2021-3759 CVE-2022-3169 CVE-2022-3435 CVE-2022-3521
Debian Bug: 1022806 1024697
