Debian Security Advisory
DLA-3349-1 linux-5.10 -- LTS security update
- Date Reported:
- 02 Mar 2023
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 825141, Bug 1008501, Bug 1027430, Bug 1027483.
In Mitre's CVE dictionary: CVE-2022-2873, CVE-2022-3545, CVE-2022-3623, CVE-2022-4696, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0240, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455, CVE-2023-23586.
- More information:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Zheyu Ma discovered that an out-of-bounds memory access flaw in the Intel iSMT SMBus 2.0 host controller driver may result in denial of service (system crash).
It was discovered that the Netronome Flow Processor (NFP) driver contained a use-after-free flaw in area_cache_get(), which may result in denial of service or the execution of arbitrary code.
A race condition when looking up a CONT-PTE/PMD size hugetlb page may result in denial of service or an information leak.
A use-after-free vulnerability was discovered in the io_uring subsystem.
An out-of-bounds memory write vulnerability was discovered in the vmwgfx driver, which may allow a local unprivileged user to cause a denial of service (system crash).
Hyunwoo Kim reported a use-after-free flaw in the Media DVB core subsystem caused by refcount races, which may allow a local user to cause a denial of service or escalate privileges.
An integer overflow in l2cap_config_req() in the Bluetooth subsystem was discovered, which may allow a physically proximate attacker to cause a denial of service (system crash).
Frederick Lawler reported a NULL pointer dereference in the traffic control subsystem allowing an unprivileged user to cause a denial of service by setting up a specially crafted traffic control configuration.
Davide Ornaghi discovered incorrect arithmetics when fetching VLAN header bits in the netfilter subsystem, allowing a local user to leak stack and heap addresses or potentially local privilege escalation to root.
A flaw was discovered in the io_uring subsystem that could lead to a use-after-free. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
A use-after-free flaw in the sound subsystem due to missing locking may result in denial of service or privilege escalation.
Kyle Zeng discovered a NULL pointer dereference flaw in rawv6_push_pending_frames() in the network subsystem allowing a local user to cause a denial of service (system crash).
Kyle Zeng reported that the Class Based Queueing (CBQ) network scheduler was prone to denial of service due to interpreting classification results before checking the classification return code.
Kyle Zeng reported that the ATM Virtual Circuits (ATM) network scheduler was prone to a denial of service due to interpreting classification results before checking the classification return code.
A flaw was discovered in the io_uring subsystem that could lead to an information leak. A local user could exploit this to obtain sensitive information from the kernel or other users.
For Debian 10 buster, these problems have been fixed in version 5.10.162-1~deb10u1.
This update also fixes Debian bugs #825141, #1008501, #1027430, and 5.10.159-5.10.162 inclusive.
We recommend that you upgrade your linux-5.10 packages.
For the detailed security status of linux-5.10 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux-5.10
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
--pgIrMxmM/8co4Tq2 Content-Type: application/pgp-signature; name="signature.asc"