
Debian: DLA-3404-1 Critical: Linux Kernel Privilege Escalation

May 2, 2023
Multiple weaknesses identified in Debian's Linux kernel necessitate prompt action to prevent potential security threats.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

Summary

A regression was discovered in the KVM implementation for Intel CPUs,
affecting Spectre v2 mitigation for nested virtualisation. When
KVM was used as the L0 hypervisor, an L2 guest could exploit this
to leak sensitive information from its L1 hypervisor.

CVE-2022-3424

Zheng Wang and Zhuorao Yang reported a flaw in the SGI GRU driver
which could lead to a use-after-free. On systems where this driver
is used, a local user can exploit this for denial of service (crash
or memory corruption) or possibly for privilege escalation.

This driver is not enabled in Debian's official kernel
configurations.

CVE-2022-3707

Zheng Wang reported a flaw in the i915 graphics driver's
virtualisation (GVT-g) support that could lead to a double-free.
On systems where this feature is used, a guest can exploit this
for denial of service (crash or memory corruption) or possibly for
privilege escalation.

CVE-2022-4129



Severity: critical

-------------------------------------------------------------------------
Package: linux-5.10
Version: 5.10.178-3~deb10u1
CVE ID: CVE-2022-2196 CVE-2022-3424 CVE-2022-3707 CVE-2022-4129
Debian Bug: 989705 993612 1022126 1031753
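
To check a host against the fixed version listed above, the following added example (not part of the advisory) compares an installed package version string with 5.10.178-3~deb10u1 using Debian's version ordering, in which `~` sorts before everything, including the end of the string. The function names and the sample versions are constructed for illustration.

```python
import re

FIXED = "5.10.178-3~deb10u1"  # fixed linux-5.10 version stated in the advisory
DIGITS = set("0123456789")

def _order(c):
    """Weight of one non-digit character: '~' < end of string < letters < the rest."""
    if not c or c in DIGITS:
        return 0
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        while True:  # non-digit run: compare character by character
            ca, cb = a[i:i + 1], b[j:j + 1]
            if not ((ca and ca not in DIGITS) or (cb and cb not in DIGITS)):
                break
            diff = _order(ca) - _order(cb)
            if diff:
                return diff
            i, j = i + 1, j + 1
        # digit run: compare numerically (an empty run counts as 0)
        na = re.match(r"[0-9]*", a[i:]).group()
        nb = re.match(r"[0-9]*", b[j:]).group()
        i, j = i + len(na), j + len(nb)
        diff = int(na or 0) - int(nb or 0)
        if diff:
            return diff
    return 0

def _split(v):
    """Split 'epoch:upstream-revision'; missing epoch is 0, missing revision is ''."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(installed, fixed=FIXED):
    """True when the installed version is at or above the advisory's fixed version."""
    return compare(installed, fixed) >= 0

if __name__ == "__main__":
    for v in ("5.10.162-1~deb10u1", "5.10.178-3~deb10u1", "5.10.178-3"):  # constructed samples
        print(v, "patched" if is_patched(v) else "older than fixed version")
```

The installed version string can be read with `dpkg-query -W -f='${Version}'` for the kernel image package in use.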
