NVIDIA has released a security update for its GPU display driver, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.
CVE-2022-4139 was made public as an i915 kernel graphics driver security issue affecting all Gen12 graphics -- from integrated Tigerlake graphics up through the latest Raptor Lake graphics as well as the in-development Meteor Lake code plus the discrete GPUs of DG2/Alchemist and Arctic Sound.
Anytime you upgrade software, you risk something breaking. This is the nature of the IT beast. The purpose of patches is usually to fix a bug or, worse, a security vulnerability.
Redhat has just just published a risk advisory about a vulnerability in the Linux Kernel that allows for local privilege escalation. This vulnerability is tracked as CVE-2022-3910 (CVSS score: 7.4).
Samba this week released patches for an integer overflow vulnerability that could potentially lead to arbitrary code execution.
Canonical has released a new Linux kernel security updates for all supported Ubuntu LTS releases to address up to 16 vulnerabilities discovered by various security researchers.
The local privilege escalation vulnerability in the Linux Kernel was reported by Redhat, and its CVE code is 2022-3977. The problem is that the most recent Linux kernel upstream contains a use-after-free vulnerability called mctp sk unhash that may be exploited to elevate privileges to root.
