
Debian 10: DLA-3623-1 Critical: Linux 5.10 Privilege Escalation Threats

October 19, 2023
Upgrade the Linux kernel packages on Debian systems to mitigate significant security vulnerabilities that threaten the stability and integrity of the operating environment.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2022-4269

William Zhao discovered that a flaw in the Traffic Control (TC)
subsystem when using a specific networking configuration
(redirecting egress packets to ingress using TC action "mirred"),
may allow a local unprivileged user to cause a denial of service
(triggering a CPU soft lockup).

CVE-2022-39189

Jann Horn discovered that TLB flush operations are mishandled in
the KVM subsystem in certain KVM_VCPU_PREEMPTED situations, which
may allow an unprivileged guest user to compromise the guest
kernel.

CVE-2023-1206

It was discovered that the networking stack permits attackers to
force hash collisions in the IPv6 connection lookup table, which
may result in denial of service (significant increase in the cost
of lookups, increased CPU utilization).

CVE-2023-1380

Jisoo Jang reported a heap out-of-bounds read in the brcmfmac
Wi-Fi driver. On systems using this driver, a local user could


Severity: critical

Package: linux-5.10
Version: 5.10.197-1~deb10u1
CVE ID: CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380
Debian Bug: 871216 1035359 1036543 1044518 1050622
