[SECURITY] [DSA 5492-1] linux security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5492-1] linux security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 09 Sep 2023 21:40:04 +0000
Message-id: <[🔎] E1qf5gS-0050Vs-Ln@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5492-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 09, 2023                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2023-1206 CVE-2023-1989 CVE-2023-2430 CVE-2023-2898
                 CVE-2023-3611 CVE-2023-3772 CVE-2023-3773 CVE-2023-3776
                 CVE-2023-3777 CVE-2023-3863 CVE-2023-4004 CVE-2023-4015
                 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4155
                 CVE-2023-4194 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208
                 CVE-2023-4273 CVE-2023-4569 CVE-2023-4622 CVE-2023-20588
                 CVE-2023-34319 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-1206

    It was discovered that the networking stack permits attackers to
    force hash collisions in the IPv6 connection lookup table, which may
    result in denial of service (significant increase in the cost of
    lookups, increased CPU utilization).

CVE-2023-1989

    Zheng Wang reported a race condition in the btsdio Bluetooth adapter
    driver that can lead to a use-after-free. An attacker able to insert
    and remove SDIO devices can use this to cause a denial of service
    (crash or memory corruption) or possibly to run arbitrary code in
    the kernel.

CVE-2023-2430

    Xingyuan Mo discovered that the io_uring subsystem did not properly
    handle locking when the target ring is configured with IOPOLL, which
    may result in denial of service.

CVE-2023-2898

    It was discovered that missing sanitising in the f2fs file
    system may result in denial of service if a malformed file
    system is accessed.

CVE-2023-3611

    The TOTE Robot tool found a flaw in the Btrfs filesystem driver that
    can lead to a use-after-free. It's unclear whether an unprivileged
    user can exploit this.

CVE-2023-3772

    Lin Ma discovered a NULL pointer dereference flaw in the XFRM
    subsystem which may result in denial of service.

CVE-2023-3773

    Lin Ma discovered a flaw in the the XFRM subsystem, which may result
    in denial of service for a user with the CAP_NET_ADMIN capability in
    any user or network namespace.

CVE-2023-3776, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208

    It was discovered that a use-after-free in the cls_fw, cls_u32 and
    cls_route network classifiers may result in denial of service or
    potential local privilege escalation.

CVE-2023-3777

    Kevin Rich discovered a use-after-free in Netfilter when flushing
    table rules, which may result in local privilege escalation for a
    user with the CAP_NET_ADMIN capability in any user or network
    namespace.

CVE-2023-3863

    It was discovered that a use-after-free in the NFC implementation
    may result in denial of service, an information leak or potential
    local privilege escalation.

CVE-2023-4004

    It was discovered that a use-after-free in Netfilter's
    implementation of PIPAPO (PIle PAcket POlicies) may result in denial
    of service or potential local privilege escalation for a user with
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4015

    Kevin Rich discovered a use-after-free in Netfilter when handling
    bound chain deactivation in certain circumstances, may result in
    denial of service or potential local privilege escalation for a user
    with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4132

    A use-after-free in the driver for Siano SMS1xxx based MDTV
    receivers may result in local denial of service.

CVE-2023-4147

    Kevin Rich discovered a use-after-free in Netfilter when adding a
    rule with NFTA_RULE_CHAIN_ID, which may result in local privilege
    escalation for a user with the CAP_NET_ADMIN capability in any user
    or network namespace.

CVE-2023-4155

    Andy Nguyen discovered a flaw in the KVM subsystem allowing a KVM
    guest using EV-ES or SEV-SNP to cause a denial of service.

CVE-2023-4194

    A type confusion in the implementation of TUN/TAP network devices
    may allow a local user to bypass network filters.

CVE-2023-4273

    Maxim Suhanov discovered a stack overflow in the exFAT driver, which
    may result in local denial of service via a malformed file system.

CVE-2023-4569

    lonial con discovered flaw in the Netfilter subsystem, which may
    allow a local attacher to cause a double-deactivations of catchall
    elements, which results in a memory leak.

CVE-2023-4622

    Bing-Jhong Billy Jheng discovered a use-after-free within the Unix
    domain sockets component, which may result in local privilege
    escalation.

CVE-2023-20588

    Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and
    Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1
    micro architecture an integer division by zero may leave stale
    quotient data from a previous division, resulting in a potential
    leak of sensitive data.

CVE-2023-34319

    Ross Lagerwall discovered a buffer overrun in Xen's netback driver
    which may allow a Xen guest to cause denial of service to the
    virtualisation host my sending malformed packets.

CVE-2023-40283

    A use-after-free was discovered in Bluetooth L2CAP socket handling.

For the stable distribution (bookworm), these problems have been fixed in
version 6.1.52-1. This update is released without armel builds. Changes
in the new stable series import cause a substantial increase of the
compressed image for marvell flavour. This issue will be addressed in a
future linux update.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmT85fRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TRNA/5AcjodSsYf3Z7EY00Hl9jfs69RGy9Oq9HpKsTgJhDttqwKw1h3IFLXUxz
6KzrtjCi9NGu6REnBBN9Utgz/aHPZL4KmzyQ78U4p7j3FF8b8cNyyNk2fMtxCGg9
T5/sq3SfH5N7lV3s/3aOelAi+DXfmxhyWYDxFVxkLWCvRx1xuJ6ShmtIE/virqXh
lJhvVXjbujvIcStfQYnikrsC18kbNqNZjgBsdNc8qs7PiWhYtt+Xn5nFZTfYmAbr
haixcnUG0Y59WtLg7WHdy1w2YgyrDxW+bDZLCF1ZELm+DbmQFfM9KXovfcv54AnO
UG1PkGyCF5WKaBJDWIPHz7YCXOCkOu4WXE/oRm0tKD6ZyaXgZGfYaQulgSX20qEg
xPDWWG6DOME4SO0F9OW3+MWr8AtvBdCLr2lTs/LW452GiMFgcVUSyydQwUDNQpDb
YksIh3OLz3v+7e87GCQhMoxupsxMqN4Lej+knfDs170V8I3DIz+/RpTPQfesOnOk
YOG/90+exSu0tCVAn0sh4y9Keyl6SAc7nITmSIWnsXxi0VyG3wisgDqfauMNm9Ux
87naYV2jjOc16BACVMMQQYo+1Kpqldrb0TXF7QT+ZQF/hrNXozgxlYcTDGj5AlAP
dhOA0Pa2onTFFNrTFiuWb1eTl8EgPGwpy1NIwEDyRul+YR/tCCs=
=Ulr4
-----END PGP SIGNATURE-----
Reply to:
Prev by Date: [SECURITY] [DSA 5491-1] chromium security update
Next by Date: [SECURITY] [DSA 5493-1] open-vm-tools security update
Previous by thread: [SECURITY] [DSA 5491-1] chromium security update
Next by thread: [SECURITY] [DSA 5493-1] open-vm-tools security update
Index(es):
- Date
- Thread