-------------------------------------------------------------------------
Debian LTS Advisory DLA-3349-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Ben Hutchings
March 02, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : linux-5.10
Version        : 5.10.162-1~deb10u1
CVE ID         : CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696
                 CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929
                 CVE-2023-0179 CVE-2023-0240 CVE-2023-0266 CVE-2023-0394
                 CVE-2023-23454  CVE-2023-23455 CVE-2023-23586
Debian Bug     : 825141 1008501 1027430 1027483

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2022-2873

    Zheyu Ma discovered that an out-of-bounds memory access flaw in
    the Intel iSMT SMBus 2.0 host controller driver may result in
    denial of service (system crash).

CVE-2022-3545

    It was discovered that the Netronome Flow Processor (NFP) driver
    contained a use-after-free flaw in area_cache_get(), which may
    result in denial of service or the execution of arbitrary code.

CVE-2022-3623

    A race condition when looking up a CONT-PTE/PMD size hugetlb page
    may result in denial of service or an information leak.

CVE-2022-4696

    A use-after-free vulnerability was discovered in the io_uring
    subsystem.

CVE-2022-36280

    An out-of-bounds memory write vulnerability was discovered in the
    vmwgfx driver, which may allow a local unprivileged user to cause
    a denial of service (system crash).

CVE-2022-41218

    Hyunwoo Kim reported a use-after-free flaw in the Media DVB core
    subsystem caused by refcount races, which may allow a local user
    to cause a denial of service or escalate privileges.

CVE-2022-45934

    An integer overflow in l2cap_config_req() in the Bluetooth
    subsystem was discovered, which may allow a physically proximate
    attacker to cause a denial of service (system crash).

CVE-2022-47929

    Frederick Lawler reported a NULL pointer dereference in the
    traffic control subsystem allowing an unprivileged user to cause a
    denial of service by setting up a specially crafted traffic
    control configuration.

CVE-2023-0179

    Davide Ornaghi discovered incorrect arithmetics when fetching VLAN
    header bits in the netfilter subsystem, allowing a local user to
    leak stack and heap addresses or potentially local privilege
    escalation to root.

CVE-2023-0240

    A flaw was discovered in the io_uring subsystem that could lead
    to a use-after-free.  A local user could exploit this to cause
    a denial of service (crash or memory corruption) or possibly for
    privilege escalation.

CVE-2023-0266

    A use-after-free flaw in the sound subsystem due to missing
    locking may result in denial of service or privilege escalation.

CVE-2023-0394

    Kyle Zeng discovered a NULL pointer dereference flaw in
    rawv6_push_pending_frames() in the network subsystem allowing a
    local user to cause a denial of service (system crash).

CVE-2023-23454

    Kyle Zeng reported that the Class Based Queueing (CBQ) network
    scheduler was prone to denial of service due to interpreting
    classification results before checking the classification return
    code.

CVE-2023-23455

    Kyle Zeng reported that the ATM Virtual Circuits (ATM) network
    scheduler was prone to a denial of service due to interpreting
    classification results before checking the classification return
    code.

CVE-2023-23586

    A flaw was discovered in the io_uring subsystem that could lead to
    an information leak.  A local user could exploit this to obtain
    sensitive information from the kernel or other users.

For Debian 10 buster, these problems have been fixed in version
5.10.162-1~deb10u1.

This update also fixes Debian bugs #825141, #1008501, #1027430, and
#1027483, and includes many more bug fixes from stable updates
5.10.159-5.10.162 inclusive.

We recommend that you upgrade your linux-5.10 packages.

For the detailed security status of linux-5.10 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/linux-5.10

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3349-1: linux-5.10 security update

March 2, 2023
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

CVE-2022-2873

Zheyu Ma discovered that an out-of-bounds memory access flaw in
the Intel iSMT SMBus 2.0 host controller driver may result in
denial of service (system crash).

CVE-2022-3545

It was discovered that the Netronome Flow Processor (NFP) driver
contained a use-after-free flaw in area_cache_get(), which may
result in denial of service or the execution of arbitrary code.

CVE-2022-3623

A race condition when looking up a CONT-PTE/PMD size hugetlb page
may result in denial of service or an information leak.

CVE-2022-4696

A use-after-free vulnerability was discovered in the io_uring
subsystem.

CVE-2022-36280

An out-of-bounds memory write vulnerability was discovered in the
vmwgfx driver, which may allow a local unprivileged user to cause
a denial of service (system crash).

CVE-2022-41218

Hyunwoo Kim reported a use-after-free flaw in the Media DVB core
subsystem caused by refcount races, which may allow a local user
to cause a denial of service or escalate privileges.

CVE-2022-45934

An integer overflow in l2cap_config_req() in the Bluetooth
subsystem was discovered, which may allow a physically proximate
attacker to cause a denial of service (system crash).

CVE-2022-47929

Frederick Lawler reported a NULL pointer dereference in the
traffic control subsystem allowing an unprivileged user to cause a
denial of service by setting up a specially crafted traffic
control configuration.

CVE-2023-0179

Davide Ornaghi discovered incorrect arithmetics when fetching VLAN
header bits in the netfilter subsystem, allowing a local user to
leak stack and heap addresses or potentially local privilege
escalation to root.

CVE-2023-0240

A flaw was discovered in the io_uring subsystem that could lead
to a use-after-free. A local user could exploit this to cause
a denial of service (crash or memory corruption) or possibly for
privilege escalation.

CVE-2023-0266

A use-after-free flaw in the sound subsystem due to missing
locking may result in denial of service or privilege escalation.

CVE-2023-0394

Kyle Zeng discovered a NULL pointer dereference flaw in
rawv6_push_pending_frames() in the network subsystem allowing a
local user to cause a denial of service (system crash).

CVE-2023-23454

Kyle Zeng reported that the Class Based Queueing (CBQ) network
scheduler was prone to denial of service due to interpreting
classification results before checking the classification return
code.

CVE-2023-23455

Kyle Zeng reported that the ATM Virtual Circuits (ATM) network
scheduler was prone to a denial of service due to interpreting
classification results before checking the classification return
code.

CVE-2023-23586

A flaw was discovered in the io_uring subsystem that could lead to
an information leak. A local user could exploit this to obtain
sensitive information from the kernel or other users.

For Debian 10 buster, these problems have been fixed in version
5.10.162-1~deb10u1.

This update also fixes Debian bugs #825141, #1008501, #1027430, and
#1027483, and includes many more bug fixes from stable updates
5.10.159-5.10.162 inclusive.

We recommend that you upgrade your linux-5.10 packages.

For the detailed security status of linux-5.10 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/linux-5.10

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : linux-5.10
Version : 5.10.162-1~deb10u1
CVE ID : CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696
Debian Bug : 825141 1008501 1027430 1027483

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved