
Debian LTS: DLA-3710-1 moderate: Linux Kernel DoS and Escalation Risks

January 11, 2024
Critical vulnerabilities in the Linux kernel of Debian LTS pose risk of escalation, denial of service, and data leaks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2021-44879

Wenqing Liu reported a NULL pointer dereference in the f2fs
implementation. An attacker able to mount a specially crafted image
can take advantage of this flaw for denial of service.

CVE-2023-0590

Dmitry Vyukov discovered a race condition in the network scheduler
core that can lead to a use-after-free. A local user with
the CAP_NET_ADMIN capability in any user or network namespace
could exploit this to cause a denial of service (crash or memory
corruption) or possibly for privilege escalation.

CVE-2023-1077

Pietro Borrello reported a type confusion flaw in the task
scheduler. A local user might be able to exploit this to cause a
denial of service (crash or memory corruption) or possibly for
privilege escalation.

CVE-2023-1206

It was discovered that the networking stack permits attackers to
force hash collisions in the IPv6 connection lookup table, which
may result in denial of service (significant increase in the cost

Read the Full Advisory


Package: linux
Version: 4.19.304-1
CVE ID: CVE-2021-44879 CVE-2023-0590 CVE-2023-1077 CVE-2023-1206
