Discover Security Vulnerabilities News
Debian and Ubuntu Users Get Kernel Security Updates to Fix Recent Wi-Fi Stack Flaws
On October 18th, 2022, Debian GNU/Linux 11 “Bullseye” users received a new major kernel update patching a total of 17 security vulnerabilities, including CVE-2022-3176 and CVE-2022-2602, two flaws discovered in the io_uring subsystem that could lead to local privilege escalation to root, and CVE-2022-40307, a race condition discovered in the EFI capsule-loader driver that could also lead to local privilege escalation or a denial of service (crash or memory corruption).
Also patched are CVE-2022-20421, another use-after-free vulnerability that could lead to privilege escalation, CVE-2022-39188, a race condition discovered by Google Project Zero’s Jann Horn in the kernel’s handling of unmapping of specific memory ranges, which could also lead to local privilege escalation or denial of service, and CVE-2022-39842, an integer overflow discovered in the pxa3xx-gcu video driver that could lead to a heap out-of-bounds write.
The link for this article located at 9 to 5 Linux is no longer available.