Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Debian 10 Buster DLA-3508-1 Moderate: Linux Kernel Privilege Escalation

debian lts
Calendar Grey July 27, 2023
Scroller Debian Lts
Enhance your Linux journey by installing Debian LTS DLA-3508-1, a crucial update that addresses security vulnerabilities in the kernel, ensuring robust protection
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

CVE-2023-1380

Jisoo Jang reported a heap out-of-bounds read in the brcmfmac
Wi-Fi driver. On systems using this driver, a local user could
exploit this to read sensitive information or to cause a denial of
service (crash).

CVE-2023-2002

Ruiahn Li reported an incorrect permissions check in the Bluetooth
subsystem. A local user could exploit this to reconfigure local
Bluetooth interfaces, resulting in information leaks, spoofing, or
denial of service (loss of connection).

CVE-2023-2007

Lucas Leong (@_wmliang_) and Reno Robert of Trend Micro Zero Day
Initiative discovered a time-of-check-to-time-of-use flaw in the
dpt_i2o SCSI controller driver. A local user with access to a
SCSI device using this driver could exploit this for privilege
escalation.

This flaw has been mitigated by removing support for the I2OUSRCMD
operation.

CVE-2023-2269

Zheng Zhang reported that improper handling of locking in the

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Package: linux
Version: 4.19.289-1
CVE ID: CVE-2023-1380 CVE-2023-2002 CVE-2023-2007 CVE-2023-2269

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.